diff --git a/internal/controller/testdata/crds/long-crd.yaml b/internal/controller/testdata/crds/long-crd.yaml new file mode 100644 index 00000000..31f93f52 --- /dev/null +++ b/internal/controller/testdata/crds/long-crd.yaml @@ -0,0 +1,16169 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterControllerIdentity + listKind: AWSClusterControllerIdentityList + plural: awsclustercontrolleridentities + shortNames: + - awsci + singular: awsclustercontrolleridentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities + API It is used to grant access to use Cluster API Provider AWS Controller + credentials. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterControllerIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities + API It is used to grant access to use Cluster API Provider AWS Controller + credentials. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterControllerIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclusterroleidentities.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterRoleIdentity + listKind: AWSClusterRoleIdentityList + plural: awsclusterroleidentities + shortNames: + - awsri + singular: awsclusterroleidentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities + API It is used to assume a role using the provided sourceRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterRoleIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + durationSeconds: + description: The duration, in seconds, of the role session before + it is renewed. + format: int32 + maximum: 43200 + minimum: 900 + type: integer + externalID: + description: A unique identifier that might be required when you assume + a role in another account. If the administrator of the account to + which the role belongs provided you with an external ID, then provide + that value in the ExternalId parameter. This value can be any string, + such as a passphrase or account number. A cross-account role is + usually set up to trust everyone in an account. Therefore, the administrator + of the trusting account might send an external ID to the administrator + of the trusted account. That way, only someone with the ID can assume + the role, rather than everyone in the account. For more information + about the external ID, see How to Use an External ID When Granting + Access to Your AWS Resources to a Third Party in the IAM User Guide. + type: string + inlinePolicy: + description: An IAM policy as a JSON-encoded string that you want + to use as an inline session policy. + type: string + policyARNs: + description: The Amazon Resource Names (ARNs) of the IAM managed policies + that you want to use as managed session policies. The policies must + exist in the same account as the role. + items: + type: string + type: array + roleARN: + description: The Amazon Resource Name (ARN) of the role to assume. + type: string + sessionName: + description: An identifier for the assumed role session + type: string + sourceIdentityRef: + description: SourceIdentityRef is a reference to another identity + which will be chained to do role assumption. All identity types + are accepted. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + required: + - roleARN + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities + API It is used to assume a role using the provided sourceRef. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterRoleIdentity. + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + durationSeconds: + description: The duration, in seconds, of the role session before + it is renewed. + format: int32 + maximum: 43200 + minimum: 900 + type: integer + externalID: + description: A unique identifier that might be required when you assume + a role in another account. If the administrator of the account to + which the role belongs provided you with an external ID, then provide + that value in the ExternalId parameter. This value can be any string, + such as a passphrase or account number. A cross-account role is + usually set up to trust everyone in an account. Therefore, the administrator + of the trusting account might send an external ID to the administrator + of the trusted account. That way, only someone with the ID can assume + the role, rather than everyone in the account. For more information + about the external ID, see How to Use an External ID When Granting + Access to Your AWS Resources to a Third Party in the IAM User Guide. + type: string + inlinePolicy: + description: An IAM policy as a JSON-encoded string that you want + to use as an inline session policy. + type: string + policyARNs: + description: The Amazon Resource Names (ARNs) of the IAM managed policies + that you want to use as managed session policies. The policies must + exist in the same account as the role. + items: + type: string + type: array + roleARN: + description: The Amazon Resource Name (ARN) of the role to assume. + type: string + sessionName: + description: An identifier for the assumed role session + type: string + sourceIdentityRef: + description: SourceIdentityRef is a reference to another identity + which will be chained to do role assumption. All identity types + are accepted. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + required: + - roleARN + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSCluster + listKind: AWSClusterList + plural: awsclusters + shortNames: + - awsc + singular: awscluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for EC2 instances + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the cluster is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration for + customizing control plane behavior. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for classic + ELB health check target default value is ClassicELBProtocolSSL + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + type: object + type: array + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting S3 + bucket for this cluster - currently used for nodes requiring Ignition + (https://coreos.github.io/ignition/) for bootstrapping (requires + BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, + which will be allowed to read control-plane node bootstrap data + from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM instance + profiles, which will be allowed to read worker nodes bootstrap + data from S3 Bucket. + items: + type: string + type: array + required: + - controlPlaneIAMInstanceProfile + - name + - nodesIAMInstanceProfiles + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + type: object + status: + description: AWSClusterStatus defines the observed state of AWSCluster. + properties: + bastion: + description: Instance describes an AWS instance. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + networkStatus: + description: NetworkStatus encapsulates AWS networking resources. + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server classic + load balancer. + properties: + attributes: + description: Attributes defines extra attributes associated + with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: Listeners is an array of classic elb listeners + associated with the load balancer. There must be at least + one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ClassicELBProtocol defines listener protocols + for a classic load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ClassicELBProtocol defines listener protocols + for a classic load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + type: string + fromPort: + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + ready: + default: false + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for EC2 instances + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the cluster is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration for + customizing control plane behavior. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired state + of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the additional + listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning issue + solution that adds the NLB's address as 127.0.0.1 to the hosts + file of each instance. This is by default, false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for ELB + health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the control + plane load balancer. + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if preservation + of client ips must be retained or not. If this is enabled 6443 + will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and egress + rules should be removed. \n By default, when creating a + VPC, AWS creates a security group called `default` with + ingress and egress rules that allow traffic from anywhere. + The group could be used as a potential surface attack and + it's generally suggested that the group rules are removed + or modified appropriately. \n NOTE: This only applies when + the VPC is managed by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the type of + hostname to assign to instances in the subnet at launch. + For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an + instance DNS name can be based on the instance IPv4 address + (ip-name) or the instance ID (resource-name). For IPv6 only + subnets, an instance DNS name must be based on the instance + ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + partition: + description: Partition is the AWS security partition being used. Defaults + to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting S3 + bucket for this cluster - currently used for nodes requiring Ignition + (https://coreos.github.io/ignition/) for bootstrapping (requires + BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, + which will be allowed to read control-plane node bootstrap data + from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM instance + profiles, which will be allowed to read worker nodes bootstrap + data from S3 Bucket. + items: + type: string + type: array + presignedURLDuration: + description: "PresignedURLDuration defines the duration for which + presigned URLs are valid. \n This is used to generate presigned + URLs for S3 Bucket objects, which are used by control-plane + and worker nodes to fetch bootstrap data. \n When enabled, the + IAM instance profiles specified are not used." + type: string + required: + - name + type: object + secondaryControlPlaneLoadBalancer: + description: "SecondaryControlPlaneLoadBalancer is an additional load + balancer that can be used for the control plane. \n An example use + case is to have a separate internal load balancer for internal traffic, + and a separate external load balancer for external traffic." + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired state + of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the additional + listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security groups + used by the load balancer. Expected to be security group IDs + This is optional - if not provided new security groups will + be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic ELB cross + availability zone balancing. \n With cross-zone load balancing, + each load balancer node for your Classic Load Balancer distributes + requests evenly across the registered instances in all enabled + Availability Zones. If cross-zone load balancing is disabled, + each load balancer node distributes requests evenly across the + registered instances in its Availability Zone only. \n Defaults + to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning issue + solution that adds the NLB's address as 127.0.0.1 to the hosts + file of each instance. This is by default, false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type for ELB + health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the control + plane load balancer. + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load balancer. + As per AWS, the name must be unique within your set of load + balancers for the region, must have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and cannot + begin or end with a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if preservation + of client ips must be retained or not. If this is enabled 6443 + will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer (defaults + to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied to + the control plane load balancer (defaults to discovered subnets + for managed VPCs or an empty set for unmanaged VPCs) + items: + type: string + type: array + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + type: object + status: + description: AWSClusterStatus defines the observed state of AWSCluster. + properties: + bastion: + description: Instance describes an AWS instance. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + networkStatus: + description: NetworkStatus encapsulates AWS networking resources. + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + secondaryAPIServerELB: + description: SecondaryAPIServerELB is the secondary Kubernetes + api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + ready: + default: false + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + clusterctl.cluster.x-k8s.io/move-hierarchy: "" + name: awsclusterstaticidentities.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterStaticIdentity + listKind: AWSClusterStaticIdentityList + plural: awsclusterstaticidentities + shortNames: + - awssi + singular: awsclusterstaticidentity + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities + API It represents a reference to an AWS access key ID and secret access + key, stored in a secret. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterStaticIdentity + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + secretRef: + description: 'Reference to a secret containing the credentials. The + secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: + Optional' + type: string + required: + - secretRef + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities + API It represents a reference to an AWS access key ID and secret access + key, stored in a secret. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for this AWSClusterStaticIdentity + properties: + allowedNamespaces: + description: AllowedNamespaces is used to identify which namespaces + are allowed to use the identity from. Namespaces can be selected + either using an array of namespaces or with label selector. An empty + allowedNamespaces object indicates that AWSClusters can use this + identity from any namespace. If this object is nil, no namespaces + will be allowed (default behaviour, if this field is not provided) + A namespace should be either in the NamespaceList or match with + Selector to use the identity. + nullable: true + properties: + list: + description: An nil or empty list indicates that AWSClusters cannot + use the identity from any namespace. + items: + type: string + nullable: true + type: array + selector: + description: An empty selector indicates that AWSClusters cannot + use this AWSClusterIdentity from any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + secretRef: + description: 'Reference to a secret containing the credentials. The + secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: + Optional' + type: string + required: + - secretRef + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSClusterTemplate + listKind: AWSClusterTemplateList + plural: awsclustertemplates + shortNames: + - awsct + singular: awsclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of AWSClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes + Cluster Templates. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. + properties: + template: + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to AWS resources managed by the AWS provider, in addition + to the ones added by default. + type: object + bastion: + description: Bastion contains options to configure the bastion + host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks + allowed to access the bastion host. They are set as + ingress rules for the Bastion host's Security Group + (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the + bastion. If not specified, the AMI will default to one + picked out in public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are + no Ingress rules in the bastion host's security group. + Requires AllowedCIDRBlocks to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a + bastion host instance with a public ip to access the + VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance + type for the bastion. If not specified, Cluster API + Provider AWS will use t3.micro for all regions except + us-east-1, where t2.micro will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for classic ELB health check target default value is + ClassicELBProtocolSSL + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to + be used when reconciling the managed control plane. If no + identity is specified, the default identity for this controller + will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system used to look up machine images when a machine does + not specify an AMI. When set, this will be used for all + cluster machines unless a machine specifies a different + ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. Supports + substitutions for {{.BaseOS}} and {{.K8sVersion}} with the + base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to + AWS network. + properties: + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply + to control plane and worker node security groups. + The source for the rule will be set to control plane + and worker security group IDs. + items: + description: CNIIngressRule defines an AWS ingress + rule for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set + of security groups to use for cluster instances This + is optional - if not provided new security groups will + be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability + zone to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block + to be used when the provider creates a managed + VPC. A subnet can have an IPv4 and an IPv6 address. + IPv6 is only supported in managed clusters, this + field cannot be set on AWSCluster object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 + subnet. A subnet is IPv6 when it is associated + with a VPC that has IPv6 enabled. IPv6 is only + supported in managed clusters, this field cannot + be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public + subnet. A subnet is public when it is associated + with a route table that has a route to an internet + gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id + associated with the subnet. Ignored unless the + subnet is managed by the provider, in which case + this is set on the public subnet where the NAT + gateway resides. It is then used to determine + routes for private subnets in the same AZ as the + public subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id + associated with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: array + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies + how AZs should be selected if there are more AZs + in a region than specified by AvailabilityZoneUsageLimit. + There are 2 selection schemes: Ordered - selects + based on alphabetical order Random - selects AZs + randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies + the maximum number of availability zones (AZ) that + should be used in a region when automatically creating + subnets. If a region has more than this number of + AZs then this number of AZs will be picked randomly + when creating default subnets. Defaults to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. Defaults + to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider + should use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet + gateway associated with the VPC. + type: string + ipv6: + description: IPv6 contains ipv6 specific settings + for the network. Supported only in managed clusters. + This field cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided + by Amazon when VPC has enabled IPv6. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the + id of the egress only internet gateway associated + with an IPv6 enabled VPC. + type: string + poolId: + description: PoolID is the IP pool which must + be defined in case of BYO IP is defined. + type: string + type: object + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting + S3 bucket for this cluster - currently used for nodes requiring + Ignition (https://coreos.github.io/ignition/) for bootstrapping + (requires BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name + of the IAMInstanceProfile, which will be allowed to + read control-plane node bootstrap data from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM + instance profiles, which will be allowed to read worker + nodes bootstrap data from S3 Bucket. + items: + type: string + type: array + required: + - controlPlaneIAMInstanceProfile + - name + - nodesIAMInstanceProfiles + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the bastion host. Valid values are empty string (do not + use SSH keys), a valid SSH key name, or omitted (use the + default SSH key name) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - description: Time duration since creation of AWSClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes + Cluster Templates. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. + properties: + template: + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: AWSClusterSpec defines the desired state of an EC2-based + Kubernetes cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to AWS resources managed by the AWS provider, in addition + to the ones added by default. + type: object + bastion: + description: Bastion contains options to configure the bastion + host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks + allowed to access the bastion host. They are set as + ingress rules for the Bastion host's Security Group + (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the + bastion. If not specified, the AMI will default to one + picked out in public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are + no Ingress rules in the bastion host's security group. + Requires AllowedCIDRBlocks to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a + bastion host instance with a public ip to access the + VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance + type for the bastion. If not specified, Cluster API + Provider AWS will use t3.micro for all regions except + us-east-1, where t2.micro will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired + state of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the + additional listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning + issue solution that adds the NLB's address as 127.0.0.1 + to the hosts file of each instance. This is by default, + false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for ELB health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the + control plane load balancer. + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load + balancer. The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if + preservation of client ips must be retained or not. + If this is enabled 6443 will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to + be used when reconciling the managed control plane. If no + identity is specified, the default identity for this controller + will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system used to look up machine images when a machine does + not specify an AMI. When set, this will be used for all + cluster machines unless a machine specifies a different + ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. Supports + substitutions for {{.BaseOS}} and {{.K8sVersion}} with the + base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines + unless a machine specifies a different ImageLookupOrg. + type: string + network: + description: NetworkSpec encapsulates all things related to + AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an + optional set of ingress rules to add to the control + plane + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply + to control plane and worker node security groups. + The source for the rule will be set to control plane + and worker security group IDs. + items: + description: CNIIngressRule defines an AWS ingress + rule for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set + of security groups to use for cluster instances This + is optional - if not provided new security groups will + be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability + zone to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to + reference this resource. If you're bringing your + subnet, set the AWS subnet-id here, it must start + with `subnet-`. \n When the VPC is managed by + CAPA, and you'd like the provider to create a + subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon + creation, the subnet AWS identifier will be populated + in the `ResourceID` field and the `id` field is + going to be used as the subnet name. If you specify + a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block + to be used when the provider creates a managed + VPC. A subnet can have an IPv4 and an IPv6 address. + IPv6 is only supported in managed clusters, this + field cannot be set on AWSCluster object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 + subnet. A subnet is IPv6 when it is associated + with a VPC that has IPv6 enabled. IPv6 is only + supported in managed clusters, this field cannot + be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public + subnet. A subnet is public when it is associated + with a route table that has a route to an internet + gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id + associated with the subnet. Ignored unless the + subnet is managed by the provider, in which case + this is set on the public subnet where the NAT + gateway resides. It is then used to determine + routes for private subnets in the same AZ as the + public subnet. + type: string + resourceID: + description: ResourceID is the subnet identifier + from AWS, READ ONLY. This field is populated when + the provider manages the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id + associated with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies + how AZs should be selected if there are more AZs + in a region than specified by AvailabilityZoneUsageLimit. + There are 2 selection schemes: Ordered - selects + based on alphabetical order Random - selects AZs + randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies + the maximum number of availability zones (AZ) that + should be used in a region when automatically creating + subnets. If a region has more than this number of + AZs then this number of AZs will be picked randomly + when creating default subnets. Defaults to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used + when the provider creates a managed VPC. Defaults + to 10.0.0.0/16. Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and + egress rules should be removed. \n By default, when + creating a VPC, AWS creates a security group called + `default` with ingress and egress rules that allow + traffic from anywhere. The group could be used as + a potential surface attack and it's generally suggested + that the group rules are removed or modified appropriately. + \n NOTE: This only applies when the VPC is managed + by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider + should use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet + gateway associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be + used for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this + provider should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool + this provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR + you want to allocate to VPC from an Amazon VPC + IP Address Manager (IPAM) pool. Defaults to + /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings + for the network. Supported only in managed clusters. + This field cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided + by Amazon when VPC has enabled IPv6. Mutually + exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the + id of the egress only internet gateway associated + with an IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool + to be used for VPC. Mutually exclusive with + CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool + this provider should use to create VPC. + type: string + name: + description: Name is the name of the IPAM + pool this provider should use to create + VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 + CIDR you want to allocate to VPC from an + Amazon VPC IP Address Manager (IPAM) pool. + Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must + be defined in case of BYO IP is defined. Must + be specified if CidrBlock is set. Mutually exclusive + with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the + type of hostname to assign to instances in the subnet + at launch. For IPv4-only and dual-stack (IPv4 and + IPv6) subnets, an instance DNS name can be based + on the instance IPv4 address (ip-name) or the instance + ID (resource-name). For IPv6 only subnets, an instance + DNS name must be based on the instance ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing + the resource. + type: object + type: object + type: object + partition: + description: Partition is the AWS security partition being + used. Defaults to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + s3Bucket: + description: S3Bucket contains options to configure a supporting + S3 bucket for this cluster - currently used for nodes requiring + Ignition (https://coreos.github.io/ignition/) for bootstrapping + (requires BootstrapFormatIgnition feature flag to be enabled). + properties: + controlPlaneIAMInstanceProfile: + description: ControlPlaneIAMInstanceProfile is a name + of the IAMInstanceProfile, which will be allowed to + read control-plane node bootstrap data from S3 Bucket. + type: string + name: + description: Name defines name of S3 Bucket to be created. + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ + type: string + nodesIAMInstanceProfiles: + description: NodesIAMInstanceProfiles is a list of IAM + instance profiles, which will be allowed to read worker + nodes bootstrap data from S3 Bucket. + items: + type: string + type: array + presignedURLDuration: + description: "PresignedURLDuration defines the duration + for which presigned URLs are valid. \n This is used + to generate presigned URLs for S3 Bucket objects, which + are used by control-plane and worker nodes to fetch + bootstrap data. \n When enabled, the IAM instance profiles + specified are not used." + type: string + required: + - name + type: object + secondaryControlPlaneLoadBalancer: + description: "SecondaryControlPlaneLoadBalancer is an additional + load balancer that can be used for the control plane. \n + An example use case is to have a separate internal load + balancer for internal traffic, and a separate external load + balancer for external traffic." + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. This is only applicable + to Network Load Balancer (NLB) types for the time being. + items: + description: AdditionalListenerSpec defines the desired + state of an additional listener on an AWS load balancer. + properties: + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: TCP + description: Protocol sets the protocol for the + additional listener. Currently only TCP is supported. + enum: + - TCP + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + additionalSecurityGroups: + description: AdditionalSecurityGroups sets the security + groups used by the load balancer. Expected to be security + group IDs This is optional - if not provided new security + groups will be created for the load balancer + items: + type: string + type: array + crossZoneLoadBalancing: + description: "CrossZoneLoadBalancing enables the classic + ELB cross availability zone balancing. \n With cross-zone + load balancing, each load balancer node for your Classic + Load Balancer distributes requests evenly across the + registered instances in all enabled Availability Zones. + If cross-zone load balancing is disabled, each load + balancer node distributes requests evenly across the + registered instances in its Availability Zone only. + \n Defaults to false." + type: boolean + disableHostsRewrite: + description: DisableHostsRewrite disabled the hair pinning + issue solution that adds the NLB's address as 127.0.0.1 + to the hosts file of each instance. This is by default, + false. + type: boolean + healthCheckProtocol: + description: HealthCheckProtocol sets the protocol type + for ELB health check target default value is ELBProtocolSSL + enum: + - TCP + - SSL + - HTTP + - HTTPS + - TLS + - UDP + type: string + ingressRules: + description: IngressRules sets the ingress rules for the + control plane load balancer. + items: + description: IngressRule defines an AWS ingress rule + for security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP + in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), + "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The + field will be combined with source security group + IDs if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + loadBalancerType: + default: classic + description: LoadBalancerType sets the type for a load + balancer. The default type is classic. + enum: + - classic + - elb + - alb + - nlb + - disabled + type: string + name: + description: Name sets the name of the classic ELB load + balancer. As per AWS, the name must be unique within + your set of load balancers for the region, must have + a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and cannot begin or end with + a hyphen. Once set, the value cannot be changed. + maxLength: 32 + pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ + type: string + preserveClientIP: + description: PreserveClientIP lets the user control if + preservation of client ips must be retained or not. + If this is enabled 6443 will be opened to 0.0.0.0/0. + type: boolean + scheme: + default: internet-facing + description: Scheme sets the scheme of the load balancer + (defaults to internet-facing) + enum: + - internet-facing + - internal + type: string + subnets: + description: Subnets sets the subnets that should be applied + to the control plane load balancer (defaults to discovered + subnets for managed VPCs or an empty set for unmanaged + VPCs) + items: + type: string + type: array + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the bastion host. Valid values are empty string (do not + use SSH keys), a valid SSH key name, or omitted (use the + default SSH key name) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsfargateprofiles.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSFargateProfile + listKind: AWSFargateProfileList + plural: awsfargateprofiles + shortNames: + - awsfp + singular: awsfargateprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AWSFargateProfile ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EKS Fargate profile name + jsonPath: .spec.profileName + name: ProfileName + type: string + - description: Failure reason + jsonPath: .status.failureReason + name: FailureReason + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSFargateProfile is the Schema for the awsfargateprofiles API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FargateProfileSpec defines the desired state of FargateProfile. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + profileName: + description: ProfileName specifies the profile name. + type: string + roleName: + description: RoleName specifies the name of IAM role for this fargate + pool If the role is pre-existing we will treat it as unmanaged and + not delete it on deletion. If the EKSEnableIAM feature flag is true + and no name is supplied then a role is created. + type: string + selectors: + description: Selectors specify fargate pod selectors. + items: + description: FargateSelector specifies a selector for pods that + should run on this fargate pool. + properties: + labels: + additionalProperties: + type: string + description: Labels specifies which pod labels this selector + should match. + type: object + namespace: + description: Namespace specifies which namespace this selector + should match. + type: string + type: object + type: array + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup. + items: + type: string + type: array + required: + - clusterName + type: object + status: + description: FargateProfileStatus defines the observed state of FargateProfile. + properties: + conditions: + description: Conditions defines current state of the Fargate profile. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the FargateProfile's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of FargateProfiles can + be added as events to the FargateProfile object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the FargateProfile's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of FargateProfiles can be added + as events to the FargateProfile object and/or logged in the controller's + output." + type: string + ready: + default: false + description: Ready denotes that the FargateProfile is available. + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: AWSFargateProfile ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EKS Fargate profile name + jsonPath: .spec.profileName + name: ProfileName + type: string + - description: Failure reason + jsonPath: .status.failureReason + name: FailureReason + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSFargateProfile is the Schema for the awsfargateprofiles API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FargateProfileSpec defines the desired state of FargateProfile. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + profileName: + description: ProfileName specifies the profile name. + type: string + roleName: + description: RoleName specifies the name of IAM role for this fargate + pool If the role is pre-existing we will treat it as unmanaged and + not delete it on deletion. If the EKSEnableIAM feature flag is true + and no name is supplied then a role is created. + type: string + selectors: + description: Selectors specify fargate pod selectors. + items: + description: FargateSelector specifies a selector for pods that + should run on this fargate pool. + properties: + labels: + additionalProperties: + type: string + description: Labels specifies which pod labels this selector + should match. + type: object + namespace: + description: Namespace specifies which namespace this selector + should match. + type: string + type: object + type: array + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup. + items: + type: string + type: array + required: + - clusterName + type: object + status: + description: FargateProfileStatus defines the observed state of FargateProfile. + properties: + conditions: + description: Conditions defines current state of the Fargate profile. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the FargateProfile's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of FargateProfiles can + be added as events to the FargateProfile object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the FargateProfile and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the FargateProfile's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of FargateProfiles can be added + as events to the FargateProfile object and/or logged in the controller's + output." + type: string + ready: + default: false + description: Ready denotes that the FargateProfile is available. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachinePool + listKind: AWSMachinePoolList + plural: awsmachinepools + shortNames: + - awsmp + singular: awsmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Machine ready status + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Minimum instanes in ASG + jsonPath: .spec.minSize + name: MinSize + type: integer + - description: Maximum instanes in ASG + jsonPath: .spec.maxSize + name: MaxSize + type: integer + - description: Launch Template ID + jsonPath: .status.launchTemplateID + name: LaunchTemplate ID + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachinePool is the Schema for the awsmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + type: object + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template and version + to use when an instance is launched. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityRebalance: + description: Enable or disable the capacity rebalance autoscaling + group feature + type: boolean + defaultCoolDown: + description: The amount of time, in seconds, after a scaling activity + completes before another scaling activity can start. If no value + is supplied by user a default value of 300 seconds is set + type: string + maxSize: + default: 1 + description: MaxSize defines the maximum size of the group. + format: int32 + minimum: 1 + type: integer + minSize: + default: 1 + description: MinSize defines the minimum size of the group. + format: int32 + minimum: 0 + type: integer + mixedInstancesPolicy: + description: MixedInstancesPolicy describes how multiple instance + types will be used by the ASG. + properties: + instancesDistribution: + description: InstancesDistribution to configure distribution of + On-Demand Instances and Spot Instances. + properties: + onDemandAllocationStrategy: + default: prioritized + description: OnDemandAllocationStrategy indicates how to allocate + instance types to fulfill On-Demand capacity. + enum: + - prioritized + type: string + onDemandBaseCapacity: + default: 0 + format: int64 + type: integer + onDemandPercentageAboveBaseCapacity: + default: 100 + format: int64 + type: integer + spotAllocationStrategy: + default: lowest-price + description: SpotAllocationStrategy indicates how to allocate + instances across Spot Instance pools. + enum: + - lowest-price + - capacity-optimized + type: string + type: object + overrides: + items: + description: Overrides are used to override the instance type + specified by the launch template with multiple instance types + that can be used to launch On-Demand Instances and Spot Instances. + properties: + instanceType: + type: string + required: + - instanceType + type: object + type: array + type: object + providerID: + description: ProviderID is the ARN of the associated ASG + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + refreshPreferences: + description: RefreshPreferences describes set of preferences associated + with the instance refresh request. + properties: + instanceWarmup: + description: The number of seconds until a newly launched instance + is configured and ready to use. During this time, the next replacement + will not be initiated. The default is to use the value for the + health check grace period defined for the group. + format: int64 + type: integer + minHealthyPercentage: + description: The amount of capacity as a percentage in ASG that + must remain healthy during an instance refresh. The default + is 90. + format: int64 + type: integer + strategy: + description: The strategy to use for the instance refresh. The + only valid value is Rolling. A rolling update is an update that + is applied to all instances in an Auto Scaling group until all + instances have been updated. + type: string + type: object + subnets: + description: Subnets is an array of subnet configurations + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + required: + - awsLaunchTemplate + - maxSize + - minSize + type: object + status: + description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. + properties: + asgStatus: + description: ASGStatus is a status string returned by the autoscaling + API. + type: string + conditions: + description: Conditions defines current service state of the AWSMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: AWSMachinePoolInstanceStatus defines the status of + the AWSMachinePoolInstance. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within ASG + type: string + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas + format: int32 + type: integer + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Machine ready status + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Minimum instanes in ASG + jsonPath: .spec.minSize + name: MinSize + type: integer + - description: Maximum instanes in ASG + jsonPath: .spec.maxSize + name: MaxSize + type: integer + - description: Launch Template ID + jsonPath: .status.launchTemplateID + name: LaunchTemplate ID + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachinePool is the Schema for the awsmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + type: object + availabilityZoneSubnetType: + description: AvailabilityZoneSubnetType specifies which type of subnets + to use when an availability zone is specified. + enum: + - public + - private + - all + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template and version + to use when an instance is launched. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions defines the behavior for + applying metadata to instances. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityRebalance: + description: Enable or disable the capacity rebalance autoscaling + group feature + type: boolean + defaultCoolDown: + description: The amount of time, in seconds, after a scaling activity + completes before another scaling activity can start. If no value + is supplied by user a default value of 300 seconds is set + type: string + defaultInstanceWarmup: + description: The amount of time, in seconds, until a new instance + is considered to have finished initializing and resource consumption + to become stable after it enters the InService state. If no value + is supplied by user a default value of 300 seconds is set + type: string + maxSize: + default: 1 + description: MaxSize defines the maximum size of the group. + format: int32 + minimum: 1 + type: integer + minSize: + default: 1 + description: MinSize defines the minimum size of the group. + format: int32 + minimum: 0 + type: integer + mixedInstancesPolicy: + description: MixedInstancesPolicy describes how multiple instance + types will be used by the ASG. + properties: + instancesDistribution: + description: InstancesDistribution to configure distribution of + On-Demand Instances and Spot Instances. + properties: + onDemandAllocationStrategy: + default: prioritized + description: OnDemandAllocationStrategy indicates how to allocate + instance types to fulfill On-Demand capacity. + enum: + - prioritized + - lowest-price + type: string + onDemandBaseCapacity: + default: 0 + format: int64 + type: integer + onDemandPercentageAboveBaseCapacity: + default: 100 + format: int64 + type: integer + spotAllocationStrategy: + default: lowest-price + description: SpotAllocationStrategy indicates how to allocate + instances across Spot Instance pools. + enum: + - lowest-price + - capacity-optimized + - capacity-optimized-prioritized + - price-capacity-optimized + type: string + type: object + overrides: + items: + description: Overrides are used to override the instance type + specified by the launch template with multiple instance types + that can be used to launch On-Demand Instances and Spot Instances. + properties: + instanceType: + type: string + required: + - instanceType + type: object + type: array + type: object + providerID: + description: ProviderID is the ARN of the associated ASG + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + refreshPreferences: + description: RefreshPreferences describes set of preferences associated + with the instance refresh request. + properties: + disable: + description: Disable, if true, disables instance refresh from + triggering when new launch templates are detected. This is useful + in scenarios where ASG nodes are externally managed. + type: boolean + instanceWarmup: + description: The number of seconds until a newly launched instance + is configured and ready to use. During this time, the next replacement + will not be initiated. The default is to use the value for the + health check grace period defined for the group. + format: int64 + type: integer + minHealthyPercentage: + description: The amount of capacity as a percentage in ASG that + must remain healthy during an instance refresh. The default + is 90. + format: int64 + type: integer + strategy: + description: The strategy to use for the instance refresh. The + only valid value is Rolling. A rolling update is an update that + is applied to all instances in an Auto Scaling group until all + instances have been updated. + type: string + type: object + subnets: + description: Subnets is an array of subnet configurations + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + suspendProcesses: + description: SuspendProcesses defines a list of processes to suspend + for the given ASG. This is constantly reconciled. If a process is + removed from this list it will automatically be resumed. + properties: + all: + type: boolean + processes: + description: Processes defines the processes which can be enabled + or disabled individually. + properties: + addToLoadBalancer: + type: boolean + alarmNotification: + type: boolean + azRebalance: + type: boolean + healthCheck: + type: boolean + instanceRefresh: + type: boolean + launch: + type: boolean + replaceUnhealthy: + type: boolean + scheduledActions: + type: boolean + terminate: + type: boolean + type: object + type: object + required: + - awsLaunchTemplate + - maxSize + - minSize + type: object + status: + description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. + properties: + asgStatus: + description: ASGStatus is a status string returned by the autoscaling + API. + type: string + conditions: + description: Conditions defines current service state of the AWSMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instances: + description: Instances contains the status for each instance in the + pool + items: + description: AWSMachinePoolInstanceStatus defines the status of + the AWSMachinePoolInstance. + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within ASG + type: string + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachine + listKind: AWSMachineList + plural: awsmachines + shortNames: + - awsm + singular: awsmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: EC2 instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EC2 instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this AWSMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachine is the schema for Amazon EC2 machines. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineSpec defines the desired state of an Amazon EC2 + instance. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to + security groups that should be applied to the instance. These security + groups would be set in addition to any security groups defined at + the cluster level or in the actuator. It is possible to specify + either IDs of Filters. Using Filters will cause additional requests + to AWS API and if tags change the attached security groups might + change too. + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + arn: + description: 'ARN of resource. Deprecated: This field has no + function and is going to be removed in the next release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + If both the AWSCluster and the AWSMachine specify the same tag name + with different values, the AWSMachine's value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look up + an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true will + not use AWS Secrets Manager or AWS Systems Manager Parameter + Store to ensure privacy of userdata. By default, a cloud-init + boothook shell script is prepended to download the userdata + from Secrets Manager and additionally delete the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used to form + the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret name. This + is stored temporarily, and deleted when the machine registers + as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage to distribute + secrets. By default or with the value of secrets-manager, will + use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. For + this infrastructure provider, the ID is equivalent to an AWS Availability + Zone. If multiple subnets are matched for the availability zone, + the first one returned is picked. + type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile + to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition will be + used to generate bootstrap data. + enum: + - "2.3" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + the image for this machine It will be ignored if an explicit AMI + is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced by + kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use for + image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: + m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate with + the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for the + storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should get a + public IP. Precedence for this setting is as follows: 1. This field + if set 2. Cluster/flavor setting 3. Subnet default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options for + the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt the + volume. Can be either a KMS key ID or ARN. If Encrypted is set + and this is omitted, the default AWS key will be used. The key + must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for the + volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + instance. Valid values are empty string (do not use SSH keys), a + valid SSH key name, or omitted (use the default SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. + properties: + arn: + description: 'ARN of resource. Deprecated: This field has no function + and is going to be removed in the next release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by + the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared or + single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user data is + gzip-compressed before it is sent to ec2 instance. cloud-init has + built-in support for gzip-compressed user data user data stored + in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + status: + description: AWSMachineStatus defines the observed state of AWSMachine. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AWSMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this + machine. + type: string + interruptible: + description: Interruptible reports that this machine is using spot + instances and can therefore be interrupted by CAPI when it receives + a notice that the spot instance is to be terminated by AWS. This + will be set to true when SpotMarketOptions is not nil (i.e. this + machine is using a spot instance). + type: boolean + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: EC2 instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: EC2 instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this AWSMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachine is the schema for Amazon EC2 machines. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineSpec defines the desired state of an Amazon EC2 + instance. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to + security groups that should be applied to the instance. These security + groups would be set in addition to any security groups defined at + the cluster level or in the actuator. It is possible to specify + either IDs of Filters. Using Filters will cause additional requests + to AWS API and if tags change the attached security groups might + change too. + items: + description: AWSResourceReference is a reference to a specific AWS + resource by ID or filters. Only one of ID or Filters may be specified. + Specifying more than one will result in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined + by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the AWS provider. + If both the AWSCluster and the AWSMachine specify the same tag name + with different values, the AWSMachine's value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look up + an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true will + not use AWS Secrets Manager or AWS Systems Manager Parameter + Store to ensure privacy of userdata. By default, a cloud-init + boothook shell script is prepended to download the userdata + from Secrets Manager and additionally delete the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used to form + the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret name. This + is stored temporarily, and deleted when the machine registers + as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage to distribute + secrets. By default or with the value of secrets-manager, will + use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile + to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + storageType: + default: ClusterObjectStore + description: "StorageType defines how to store the boostrap user + data for Ignition. This can be used to instruct Ignition from + where to fetch the user data to bootstrap an instance. \n When + omitted, the storage option will default to ClusterObjectStore. + \n When set to \"ClusterObjectStore\", if the capability is + available and a Cluster ObjectStore configuration is correctly + provided in the Cluster object (under .spec.s3Bucket), an object + store will be used to store bootstrap user data. \n When set + to \"UnencryptedUserData\", EC2 Instance User Data will be used + to store the machine bootstrap user data, unencrypted. This + option is considered less secure than others as user data may + contain sensitive informations (keys, certificates, etc.) and + users with ec2:DescribeInstances permission or users running + pods that can access the ec2 metadata service have access to + this sensitive information. So this is only to be used at ones + own risk, and only when other more secure options are not viable." + enum: + - ClusterObjectStore + - UnencryptedUserData + type: string + version: + default: "2.3" + description: Version defines which version of Ignition will be + used to generate bootstrap data. + enum: + - "2.3" + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + the image for this machine It will be ignored if an explicit AMI + is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced by + kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use for + image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for the + EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint on + your instances. \n If you specify a value of disabled, you cannot + access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for instance + metadata requests. The larger the number, the further instance + metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to retrieve + instance metadata with or without a session token on your request. + If you retrieve the IAM role credentials without a token, the + version 1.0 role credentials are returned. If you retrieve the + IAM role credentials using a valid session token, the version + 2.0 role credentials are returned. \n If the state is required, + you must send a session token with any instance metadata retrieval + requests. In this state, retrieving the IAM role credentials + always returns the version 2.0 credentials; the version 1.0 + credentials are not available. \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off access + to instance tags from the instance metadata. For more information, + see Work with instance tags using the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. Example: + m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate with + the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for the + storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be used. + The key must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS AAAA + records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether to + respond to DNS queries for instance hostnames with DNS A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should get a + public IP. Precedence for this setting is as follows: 1. This field + if set 2. Cluster/flavor setting 3. Subnet default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options for + the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt the + volume. Can be either a KMS key ID or ARN. If Encrypted is set + and this is omitted, the default AWS key will be used. The key + must already exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the disk. + Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for the + volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, etc...). + type: string + required: + - size + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for the node. This is optional - if not provided security + groups from the cluster will be used. + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + instance. Valid values are empty string (do not use SSH keys), a + valid SSH key name, or omitted (use the default SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. + properties: + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by + the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS resource. + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared or + single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user data is + gzip-compressed before it is sent to ec2 instance. cloud-init has + built-in support for gzip-compressed user data user data stored + in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + status: + description: AWSMachineStatus defines the observed state of AWSMachine. + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AWSMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this + machine. + type: string + interruptible: + description: Interruptible reports that this machine is using spot + instances and can therefore be interrupted by CAPI when it receives + a notice that the spot instance is to be terminated by AWS. This + will be set to true when SpotMarketOptions is not nil (i.e. this + machine is using a spot instance). + type: boolean + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSMachineTemplate + listKind: AWSMachineTemplateList + plural: awsmachinetemplates + shortNames: + - awsmt + singular: awsmachinetemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. + properties: + template: + description: AWSMachineTemplateResource describes the data needed + to create am AWSMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instance. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + It is possible to specify either IDs of Filters. Using Filters + will cause additional requests to AWS API and if tags change + the attached security groups might change too. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters + may be specified. Specifying more than one will result + in a validation error. + properties: + arn: + description: 'ARN of resource. Deprecated: This field + has no function and is going to be removed in the + next release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according + to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names + are case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the AWS provider. If both the AWSCluster and the AWSMachine + specify the same tag name with different values, the AWSMachine's + value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to + create the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will + look up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true + will not use AWS Secrets Manager or AWS Systems Manager + Parameter Store to ensure privacy of userdata. By default, + a cloud-init boothook shell script is prepended to download + the userdata from Secrets Manager and additionally delete + the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used + to form the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret + name. This is stored temporarily, and deleted when the + machine registers as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage + to distribute secrets. By default or with the value + of secrets-manager, will use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. For this infrastructure provider, the ID is equivalent + to an AWS Availability Zone. If multiple subnets are matched + for the availability zone, the first one returned is picked. + type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance + profile to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + version: + default: "2.3" + description: Version defines which version of Ignition + will be used to generate bootstrap data. + enum: + - "2.3" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up the image for this machine It will be ignored if + an explicit AMI is set. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, + respectively. The BaseOS will be the value in ImageLookupBaseOS + or ubuntu (the default), and the kubernetes version as defined + by the packages produced by kubernetes/release without v + as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, + the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + use for image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate + with the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage + volumes. + items: + description: Volume encapsulates the configuration options + for the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should + be encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to + encrypt the volume. Can be either a KMS key ID or + ARN. If Encrypted is set and this is omitted, the + default AWS key will be used. The key must already + exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + type: array + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should + get a public IP. Precedence for this setting is as follows: + 1. This field if set 2. Cluster/flavor setting 3. Subnet + default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be + encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will + be used. The key must already exist and be accessible + by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the instance. Valid values are empty string (do not use + SSH keys), a valid SSH key name, or omitted (use the default + SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for + this instance. If not specified, the cluster subnet will + be used. + properties: + arn: + description: 'ARN of resource. Deprecated: This field + has no function and is going to be removed in the next + release.' + type: string + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according to + the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user + data is gzip-compressed before it is sent to ec2 instance. + cloud-init has built-in support for gzip-compressed user + data user data stored in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. + properties: + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Capacity defines the resource capacity for this machine. + This value is used for autoscaling from zero operations as defined + in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md' + type: object + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. + properties: + template: + description: AWSMachineTemplateResource describes the data needed + to create am AWSMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instance. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + It is possible to specify either IDs of Filters. Using Filters + will cause additional requests to AWS API and if tags change + the attached security groups might change too. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters + may be specified. Specifying more than one will result + in a validation error. + properties: + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according + to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names + are case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the AWS provider. If both the AWSCluster and the AWSMachine + specify the same tag name with different values, the AWSMachine's + value takes precedence. + type: object + ami: + description: AMI is the reference to the AMI from which to + create the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will + look up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + cloudInit: + description: CloudInit defines options related to the bootstrapping + systems where CloudInit is used. + properties: + insecureSkipSecretsManager: + description: InsecureSkipSecretsManager, when set to true + will not use AWS Secrets Manager or AWS Systems Manager + Parameter Store to ensure privacy of userdata. By default, + a cloud-init boothook shell script is prepended to download + the userdata from Secrets Manager and additionally delete + the secret. + type: boolean + secretCount: + description: SecretCount is the number of secrets used + to form the complete secret + format: int32 + type: integer + secretPrefix: + description: SecretPrefix is the prefix for the secret + name. This is stored temporarily, and deleted when the + machine registers as a node against the workload cluster. + type: string + secureSecretsBackend: + description: SecureSecretsBackend, when set to parameter-store + will utilize the AWS Systems Manager Parameter Storage + to distribute secrets. By default or with the value + of secrets-manager, will use AWS Secrets Manager instead. + enum: + - secrets-manager + - ssm-parameter-store + type: string + type: object + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance + profile to assign to the instance + type: string + ignition: + description: Ignition defined options related to the bootstrapping + systems where Ignition is used. + properties: + storageType: + default: ClusterObjectStore + description: "StorageType defines how to store the boostrap + user data for Ignition. This can be used to instruct + Ignition from where to fetch the user data to bootstrap + an instance. \n When omitted, the storage option will + default to ClusterObjectStore. \n When set to \"ClusterObjectStore\", + if the capability is available and a Cluster ObjectStore + configuration is correctly provided in the Cluster object + (under .spec.s3Bucket), an object store will be used + to store bootstrap user data. \n When set to \"UnencryptedUserData\", + EC2 Instance User Data will be used to store the machine + bootstrap user data, unencrypted. This option is considered + less secure than others as user data may contain sensitive + informations (keys, certificates, etc.) and users with + ec2:DescribeInstances permission or users running pods + that can access the ec2 metadata service have access + to this sensitive information. So this is only to be + used at ones own risk, and only when other more secure + options are not viable." + enum: + - ClusterObjectStore + - UnencryptedUserData + type: string + version: + default: "2.3" + description: Version defines which version of Ignition + will be used to generate bootstrap data. + enum: + - "2.3" + - "3.0" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + type: string + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to + look up the image for this machine It will be ignored if + an explicit AMI is set. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, + respectively. The BaseOS will be the value in ImageLookupBaseOS + or ubuntu (the default), and the kubernetes version as defined + by the packages produced by kubernetes/release without v + as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, + the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the + ubuntu base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to + use for image lookup if AMI is not set. + type: string + instanceID: + description: InstanceID is the EC2 instance ID for this machine. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options + for the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: + enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit + for instance metadata requests. The larger the number, + the further instance metadata requests can travel. \n + Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance + metadata requests. \n If the state is optional, you + can choose to retrieve instance metadata with or without + a session token on your request. If you retrieve the + IAM role credentials without a token, the version 1.0 + role credentials are returned. If you retrieve the IAM + role credentials using a valid session token, the version + 2.0 role credentials are returned. \n If the state is + required, you must send a session token with any instance + metadata retrieval requests. In this state, retrieving + the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not + available. \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance + tags from the instance metadata. Set to disabled to + turn off access to instance tags from the instance metadata. + For more information, see Work with instance tags using + the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + minLength: 2 + type: string + networkInterfaces: + description: NetworkInterfaces is a list of ENIs to associate + with the instance. A maximum of 2 may be specified. + items: + type: string + maxItems: 2 + type: array + nonRootVolumes: + description: Configuration options for the non root storage + volumes. + items: + description: Volume encapsulates the configuration options + for the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should + be encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to + encrypt the volume. Can be either a KMS key ID or + ARN. If Encrypted is set and this is omitted, the + default AWS key will be used. The key must already + exist and be accessible by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the + placement group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance + hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates + whether to respond to DNS queries for instance hostnames + with DNS AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with + DNS A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + publicIP: + description: 'PublicIP specifies whether the instance should + get a public IP. Precedence for this setting is as follows: + 1. This field if set 2. Cluster/flavor setting 3. Subnet + default' + type: boolean + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be + encrypted or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will + be used. The key must already exist and be accessible + by the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for + the disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size + or 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, + io1, etc...). + type: string + required: + - size + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of + security groups to use for the node. This is optional - + if not provided security groups from the cluster will be + used. + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach + to the instance. Valid values are empty string (do not use + SSH keys), a valid SSH key name, or omitted (use the default + SSH key name) + type: string + subnet: + description: Subnet is a reference to the subnet to use for + this instance. If not specified, the cluster subnet will + be used. + properties: + filters: + description: 'Filters is a set of key/value pairs used + to identify a resource They are applied according to + the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an + AWS resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter + values. Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + enum: + - default + - dedicated + - host + type: string + uncompressedUserData: + description: UncompressedUserData specify whether the user + data is gzip-compressed before it is sent to ec2 instance. + cloud-init has built-in support for gzip-compressed user + data user data stored in aws secret manager is always gzip-compressed. + type: boolean + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. + properties: + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Capacity defines the resource capacity for this machine. + This value is used for autoscaling from zero operations as defined + in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md' + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedCluster + listKind: AWSManagedClusterList + plural: awsmanagedclusters + shortNames: + - awsmc + singular: awsmanagedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedCluster is the Schema for the awsmanagedclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedClusterSpec defines the desired state of AWSManagedCluster + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AWSManagedClusterStatus defines the observed state of AWSManagedCluster + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + ready: + description: Ready is when the AWSManagedControlPlane has a API server + URL. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedControlPlane + listKind: AWSManagedControlPlaneList + plural: awsmanagedcontrolplanes + shortNames: + - awsmcp + singular: awsmanagedcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the control plane is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSManagedControlPlane is the schema for the Amazon EKS Managed + Control Plane API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedControlPlaneSpec defines the desired state of an + Amazon EKS Cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + addons: + description: Addons defines the EKS addons to enable with the EKS + cluster. + items: + description: Addon represents a EKS addon. + properties: + configuration: + description: Configuration of the EKS addon + type: string + conflictResolution: + default: none + description: ConflictResolution is used to declare what should + happen if there are parameter conflicts. Defaults to none + enum: + - overwrite + - none + type: string + name: + description: Name is the name of the addon + minLength: 2 + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of an IAM role + to bind to the addons service account + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - name + - version + type: object + type: array + associateOIDCProvider: + default: false + description: AssociateOIDCProvider can be enabled to automatically + create an identity provider for the controller for use with IAM + roles for service accounts + type: boolean + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + disableVPCCNI: + default: false + description: DisableVPCCNI indicates that the Amazon VPC CNI should + be disabled. With EKS clusters the Amazon VPC CNI is automatically + installed into the cluster. For clusters where you want to use an + alternate CNI this option provides a way to specify that the Amazon + VPC CNI should be deleted. You cannot set this to true if you are + using the Amazon VPC CNI addon. + type: boolean + eksClusterName: + description: EKSClusterName allows you to specify the name of the + EKS cluster in AWS. If you don't specify a name then a default name + will be created based on the namespace and name of the managed control + plane. + type: string + encryptionConfig: + description: EncryptionConfig specifies the encryption configuration + for the cluster + properties: + provider: + description: Provider specifies the ARN or alias of the CMK (in + AWS KMS) + type: string + resources: + description: Resources specifies the resources to be encrypted + items: + type: string + type: array + type: object + endpointAccess: + description: Endpoints specifies access to this cluster's control + plane endpoints + properties: + private: + description: Private points VPC-internal control plane access + to the private endpoint + type: boolean + public: + description: Public controls whether control plane endpoints are + publicly accessible + type: boolean + publicCIDRs: + description: PublicCIDRs specifies which blocks can access the + public endpoint + items: + type: string + type: array + type: object + iamAuthenticatorConfig: + description: IAMAuthenticatorConfig allows the specification of any + additional user or role mappings for use when generating the aws-iam-authenticator + configuration. If this is nil the default configuration is still + generated for the cluster. + properties: + mapRoles: + description: RoleMappings is a list of role mappings + items: + description: RoleMapping represents a mapping from a IAM role + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + rolearn: + description: RoleARN is the AWS ARN for the role to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - rolearn + - username + type: object + type: array + mapUsers: + description: UserMappings is a list of user mappings + items: + description: UserMapping represents a mapping from an IAM user + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + userarn: + description: UserARN is the AWS ARN for the user to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - userarn + - username + type: object + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + kubeProxy: + description: KubeProxy defines managed attributes of the kube-proxy + daemonset + properties: + disable: + default: false + description: Disable set to true indicates that kube-proxy should + be disabled. With EKS clusters kube-proxy is automatically installed + into the cluster. For clusters where you want to use kube-proxy + functionality that is provided with an alternate CNI, this option + provides a way to specify that the kube-proxy daemonset should + be deleted. You cannot set this to true if you are using the + Amazon kube-proxy addon. + type: boolean + type: object + logging: + description: Logging specifies which EKS Cluster logs should be enabled. + Entries for each of the enabled logs will be sent to CloudWatch + properties: + apiServer: + default: false + description: APIServer indicates if the Kubernetes API Server + log (kube-apiserver) shoulkd be enabled + type: boolean + audit: + default: false + description: Audit indicates if the Kubernetes API audit log should + be enabled + type: boolean + authenticator: + default: false + description: Authenticator indicates if the iam authenticator + log should be enabled + type: boolean + controllerManager: + default: false + description: ControllerManager indicates if the controller manager + (kube-controller-manager) log should be enabled + type: boolean + scheduler: + default: false + description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) + log should be enabled + type: boolean + required: + - apiServer + - audit + - authenticator + - controllerManager + - scheduler + type: object + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and egress + rules should be removed. \n By default, when creating a + VPC, AWS creates a security group called `default` with + ingress and egress rules that allow traffic from anywhere. + The group could be used as a potential surface attack and + it's generally suggested that the group rules are removed + or modified appropriately. \n NOTE: This only applies when + the VPC is managed by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the type of + hostname to assign to instances in the subnet at launch. + For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an + instance DNS name can be based on the instance IPv4 address + (ip-name) or the instance ID (resource-name). For IPv6 only + subnets, an instance DNS name must be based on the instance + ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + oidcIdentityProviderConfig: + description: IdentityProviderconfig is used to specify the oidc provider + config to be attached with this eks cluster + properties: + clientId: + description: This is also known as audience. The ID for the client + application that makes authentication requests to the OpenID + identity provider. + type: string + groupsClaim: + description: The JWT claim that the provider uses to return your + groups. + type: string + groupsPrefix: + description: 'The prefix that is prepended to group claims to + prevent clashes with existing names (such as system: groups). + For example, the valueoidc: will create group names like oidc:engineering + and oidc:infra.' + type: string + identityProviderConfigName: + description: "The name of the OIDC provider configuration. \n + IdentityProviderConfigName is a required field" + type: string + issuerUrl: + description: The URL of the OpenID identity provider that allows + the API server to discover public signing keys for verifying + tokens. The URL must begin with https:// and should correspond + to the iss claim in the provider's OIDC ID tokens. Per the OIDC + standard, path components are allowed but query parameters are + not. Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. This URL should point to the level below + .well-known/openid-configuration and must be publicly accessible + over the internet. + type: string + requiredClaims: + additionalProperties: + type: string + description: The key value pairs that describe required claims + in the identity token. If set, each claim is verified to be + present in the token with a matching value. For the maximum + number of claims that you can require, see Amazon EKS service + quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + in the Amazon EKS User Guide. + type: object + tags: + additionalProperties: + type: string + description: tags to apply to oidc identity provider association + type: object + usernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. + The default is sub, which is expected to be a unique identifier + of the end user. You can choose other claims, such as email + or name, depending on the OpenID identity provider. Claims other + than email are prefixed with the issuer URL to prevent naming + clashes with other plug-ins. + type: string + usernamePrefix: + description: The prefix that is prepended to username claims to + prevent clashes with existing names. If you do not provide this + field, and username is a value other than email, the prefix + defaults to issuerurl#. You can use the value - to disable all + prefixing. + type: string + type: object + region: + description: The AWS Region the cluster lives in. + type: string + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the control plane role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role that gives EKS + permission to make API calls. If the role is pre-existing we will + treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM + feature flag is true and no name is supplied then a role is created. + minLength: 2 + type: string + secondaryCidrBlock: + description: SecondaryCidrBlock is the additional CIDR range to use + for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. + type: string + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + tokenMethod: + default: iam-authenticator + description: TokenMethod is used to specify the method for obtaining + a client token for communicating with EKS iam-authenticator - obtains + a client token using iam-authentictor aws-cli - obtains a client + token using the AWS CLI Defaults to iam-authenticator + enum: + - iam-authenticator + - aws-cli + type: string + version: + description: Version defines the desired Kubernetes version. If no + version number is supplied then the latest version of Kubernetes + that EKS supports will be used. + minLength: 2 + pattern: ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$ + type: string + vpcCni: + description: VpcCni is used to set configuration options for the VPC + CNI plugin + properties: + env: + description: Env defines a list of environment variables to apply + to the `aws-node` DaemonSet + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + description: AWSManagedControlPlaneStatus defines the observed state of + an Amazon EKS Cluster. + properties: + addons: + description: Addons holds the current status of the EKS addons + items: + description: AddonState represents the state of an addon. + properties: + arn: + description: ARN is the AWS ARN of the addon + type: string + createdAt: + description: CreatedAt is the date and time the addon was created + at + format: date-time + type: string + issues: + description: Issues is a list of issue associated with the addon + items: + description: AddonIssue represents an issue with an addon. + properties: + code: + description: Code is the issue code + type: string + message: + description: Message is the textual description of the + issue + type: string + resourceIds: + description: ResourceIDs is a list of resource ids for + the issue + items: + type: string + type: array + type: object + type: array + modifiedAt: + description: ModifiedAt is the date and time the addon was last + modified + format: date-time + type: string + name: + description: Name is the name of the addon + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of the IAM role + used for the service account + type: string + status: + description: Status is the status of the addon + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - arn + - name + - version + type: object + type: array + bastion: + description: Bastion holds details of the instance that is used as + a bastion jump box + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + identityProviderStatus: + description: IdentityProviderStatus holds the status for associated + identity provider + properties: + arn: + description: ARN holds the ARN of associated identity provider + type: string + status: + description: Status holds current status of associated identity + provider + type: string + type: object + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + networkStatus: + description: Networks holds details about the AWS networking resources + used by the control plane + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + secondaryAPIServerELB: + description: SecondaryAPIServerELB is the secondary Kubernetes + api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + oidcProvider: + description: OIDCProvider holds the status of the identity provider + for this cluster + properties: + arn: + description: ARN holds the ARN of the provider + type: string + trustPolicy: + description: TrustPolicy contains the boilerplate IAM trust policy + to use for IRSA + type: string + type: object + ready: + default: false + description: Ready denotes that the AWSManagedControlPlane API Server + is ready to receive requests and that the VPC infra is ready. + type: boolean + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: AWS VPC the control plane is using + jsonPath: .spec.network.vpc.id + name: VPC + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + - description: Bastion IP address for breakglass access + jsonPath: .status.bastion.publicIp + name: Bastion IP + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedControlPlane is the schema for the Amazon EKS Managed + Control Plane API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedControlPlaneSpec defines the desired state of an + Amazon EKS Cluster. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + addons: + description: Addons defines the EKS addons to enable with the EKS + cluster. + items: + description: Addon represents a EKS addon. + properties: + configuration: + description: Configuration of the EKS addon + type: string + conflictResolution: + default: overwrite + description: ConflictResolution is used to declare what should + happen if there are parameter conflicts. Defaults to none + enum: + - overwrite + - none + type: string + name: + description: Name is the name of the addon + minLength: 2 + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of an IAM role + to bind to the addons service account + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - name + - version + type: object + type: array + associateOIDCProvider: + default: false + description: AssociateOIDCProvider can be enabled to automatically + create an identity provider for the controller for use with IAM + roles for service accounts + type: boolean + bastion: + description: Bastion contains options to configure the bastion host. + properties: + allowedCIDRBlocks: + description: AllowedCIDRBlocks is a list of CIDR blocks allowed + to access the bastion host. They are set as ingress rules for + the Bastion host's Security Group (defaults to 0.0.0.0/0). + items: + type: string + type: array + ami: + description: AMI will use the specified AMI to boot the bastion. + If not specified, the AMI will default to one picked out in + public space. + type: string + disableIngressRules: + description: DisableIngressRules will ensure there are no Ingress + rules in the bastion host's security group. Requires AllowedCIDRBlocks + to be empty. + type: boolean + enabled: + description: Enabled allows this provider to create a bastion + host instance with a public ip to access the VPC private network. + type: boolean + instanceType: + description: InstanceType will use the specified instance type + for the bastion. If not specified, Cluster API Provider AWS + will use t3.micro for all regions except us-east-1, where t2.micro + will be the default. + type: string + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + eksClusterName: + description: EKSClusterName allows you to specify the name of the + EKS cluster in AWS. If you don't specify a name then a default name + will be created based on the namespace and name of the managed control + plane. + type: string + encryptionConfig: + description: EncryptionConfig specifies the encryption configuration + for the cluster + properties: + provider: + description: Provider specifies the ARN or alias of the CMK (in + AWS KMS) + type: string + resources: + description: Resources specifies the resources to be encrypted + items: + type: string + type: array + type: object + endpointAccess: + description: Endpoints specifies access to this cluster's control + plane endpoints + properties: + private: + description: Private points VPC-internal control plane access + to the private endpoint + type: boolean + public: + description: Public controls whether control plane endpoints are + publicly accessible + type: boolean + publicCIDRs: + description: PublicCIDRs specifies which blocks can access the + public endpoint + items: + type: string + type: array + type: object + iamAuthenticatorConfig: + description: IAMAuthenticatorConfig allows the specification of any + additional user or role mappings for use when generating the aws-iam-authenticator + configuration. If this is nil the default configuration is still + generated for the cluster. + properties: + mapRoles: + description: RoleMappings is a list of role mappings + items: + description: RoleMapping represents a mapping from a IAM role + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + rolearn: + description: RoleARN is the AWS ARN for the role to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - rolearn + - username + type: object + type: array + mapUsers: + description: UserMappings is a list of user mappings + items: + description: UserMapping represents a mapping from an IAM user + to Kubernetes users and groups. + properties: + groups: + description: Groups is a list of kubernetes RBAC groups + items: + type: string + type: array + userarn: + description: UserARN is the AWS ARN for the user to map + minLength: 31 + type: string + username: + description: UserName is a kubernetes RBAC user subject + type: string + required: + - groups + - userarn + - username + type: object + type: array + type: object + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating system + used to look up machine images when a machine does not specify an + AMI. When set, this will be used for all cluster machines unless + a machine specifies a different ImageLookupBaseOS. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} + and {{.K8sVersion}} with the base OS and kubernetes version, respectively. + The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the + default), and the kubernetes version as defined by the packages + produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to look up + machine images when a machine does not specify an AMI. When set, + this will be used for all cluster machines unless a machine specifies + a different ImageLookupOrg. + type: string + kubeProxy: + description: KubeProxy defines managed attributes of the kube-proxy + daemonset + properties: + disable: + default: false + description: Disable set to true indicates that kube-proxy should + be disabled. With EKS clusters kube-proxy is automatically installed + into the cluster. For clusters where you want to use kube-proxy + functionality that is provided with an alternate CNI, this option + provides a way to specify that the kube-proxy daemonset should + be deleted. You cannot set this to true if you are using the + Amazon kube-proxy addon. + type: boolean + type: object + logging: + description: Logging specifies which EKS Cluster logs should be enabled. + Entries for each of the enabled logs will be sent to CloudWatch + properties: + apiServer: + default: false + description: APIServer indicates if the Kubernetes API Server + log (kube-apiserver) shoulkd be enabled + type: boolean + audit: + default: false + description: Audit indicates if the Kubernetes API audit log should + be enabled + type: boolean + authenticator: + default: false + description: Authenticator indicates if the iam authenticator + log should be enabled + type: boolean + controllerManager: + default: false + description: ControllerManager indicates if the controller manager + (kube-controller-manager) log should be enabled + type: boolean + scheduler: + default: false + description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) + log should be enabled + type: boolean + required: + - apiServer + - audit + - authenticator + - controllerManager + - scheduler + type: object + network: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + additionalControlPlaneIngressRules: + description: AdditionalControlPlaneIngressRules is an optional + set of ingress rules to add to the control plane + items: + description: IngressRule defines an AWS ingress rule for security + groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. Cannot + be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information about + the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress rule. + Accepted values are "-1" (all), "4" (IP in IP),"tcp", + "udp", "icmp", and "58" (ICMPv6), "50" (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access from. + Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access from. + Cannot be specified with CidrBlocks. The field will be + combined with source security group IDs if specified. + items: + description: SecurityGroupRole defines the unique role + of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + cni: + description: CNI configuration + properties: + cniIngressRules: + description: CNIIngressRules specify rules to apply to control + plane and worker node security groups. The source for the + rule will be set to control plane and worker security group + IDs. + items: + description: CNIIngressRule defines an AWS ingress rule + for CNI requirements. + properties: + description: + type: string + fromPort: + format: int64 + type: integer + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + toPort: + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + type: object + securityGroupOverrides: + additionalProperties: + type: string + description: SecurityGroupOverrides is an optional set of security + groups to use for cluster instances This is optional - if not + provided new security groups will be created for the cluster + type: object + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an AWS Subnet. + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone + to use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed VPC. + type: string + id: + description: "ID defines a unique identifier to reference + this resource. If you're bringing your subnet, set the + AWS subnet-id here, it must start with `subnet-`. \n When + the VPC is managed by CAPA, and you'd like the provider + to create a subnet for you, the id can be set to any placeholder + value that does not start with `subnet-`; upon creation, + the subnet AWS identifier will be populated in the `ResourceID` + field and the `id` field is going to be used as the subnet + name. If you specify a tag called `Name`, it takes precedence." + type: string + ipv6CidrBlock: + description: IPv6CidrBlock is the IPv6 CIDR block to be + used when the provider creates a managed VPC. A subnet + can have an IPv4 and an IPv6 address. IPv6 is only supported + in managed clusters, this field cannot be set on AWSCluster + object. + type: string + isIpv6: + description: IsIPv6 defines the subnet as an IPv6 subnet. + A subnet is IPv6 when it is associated with a VPC that + has IPv6 enabled. IPv6 is only supported in managed clusters, + this field cannot be set on AWSCluster object. + type: boolean + isPublic: + description: IsPublic defines the subnet as a public subnet. + A subnet is public when it is associated with a route + table that has a route to an internet gateway. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated + with the subnet. Ignored unless the subnet is managed + by the provider, in which case this is set on the public + subnet where the NAT gateway resides. It is then used + to determine routes for private subnets in the same AZ + as the public subnet. + type: string + resourceID: + description: ResourceID is the subnet identifier from AWS, + READ ONLY. This field is populated when the provider manages + the subnet. + type: string + routeTableId: + description: RouteTableID is the routing table id associated + with the subnet. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the + resource. + type: object + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + vpc: + description: VPC configuration. + properties: + availabilityZoneSelection: + default: Ordered + description: 'AvailabilityZoneSelection specifies how AZs + should be selected if there are more AZs in a region than + specified by AvailabilityZoneUsageLimit. There are 2 selection + schemes: Ordered - selects based on alphabetical order Random + - selects AZs randomly in a region Defaults to Ordered' + enum: + - Ordered + - Random + type: string + availabilityZoneUsageLimit: + default: 3 + description: AvailabilityZoneUsageLimit specifies the maximum + number of availability zones (AZ) that should be used in + a region when automatically creating subnets. If a region + has more than this number of AZs then this number of AZs + will be picked randomly when creating default subnets. Defaults + to 3 + minimum: 1 + type: integer + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed VPC. Defaults to 10.0.0.0/16. + Mutually exclusive with IPAMPool. + type: string + emptyRoutesDefaultVPCSecurityGroup: + description: "EmptyRoutesDefaultVPCSecurityGroup specifies + whether the default VPC security group ingress and egress + rules should be removed. \n By default, when creating a + VPC, AWS creates a security group called `default` with + ingress and egress rules that allow traffic from anywhere. + The group could be used as a potential surface attack and + it's generally suggested that the group rules are removed + or modified appropriately. \n NOTE: This only applies when + the VPC is managed by the Cluster API AWS controller." + type: boolean + id: + description: ID is the vpc-id of the VPC this provider should + use to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv4 pool to be used for + VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this provider + should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you want + to allocate to VPC from an Amazon VPC IP Address Manager + (IPAM) pool. Defaults to /16 for IPv4 if not specified. + format: int64 + type: integer + type: object + ipv6: + description: IPv6 contains ipv6 specific settings for the + network. Supported only in managed clusters. This field + cannot be set on AWSCluster object. + properties: + cidrBlock: + description: CidrBlock is the CIDR block provided by Amazon + when VPC has enabled IPv6. Mutually exclusive with IPAMPool. + type: string + egressOnlyInternetGatewayId: + description: EgressOnlyInternetGatewayID is the id of + the egress only internet gateway associated with an + IPv6 enabled VPC. + type: string + ipamPool: + description: IPAMPool defines the IPAMv6 pool to be used + for VPC. Mutually exclusive with CidrBlock. + properties: + id: + description: ID is the ID of the IPAM pool this provider + should use to create VPC. + type: string + name: + description: Name is the name of the IPAM pool this + provider should use to create VPC. + type: string + netmaskLength: + description: The netmask length of the IPv4 CIDR you + want to allocate to VPC from an Amazon VPC IP Address + Manager (IPAM) pool. Defaults to /16 for IPv4 if + not specified. + format: int64 + type: integer + type: object + poolId: + description: PoolID is the IP pool which must be defined + in case of BYO IP is defined. Must be specified if CidrBlock + is set. Mutually exclusive with IPAMPool. + type: string + type: object + privateDnsHostnameTypeOnLaunch: + description: PrivateDNSHostnameTypeOnLaunch is the type of + hostname to assign to instances in the subnet at launch. + For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an + instance DNS name can be based on the instance IPv4 address + (ip-name) or the instance ID (resource-name). For IPv6 only + subnets, an instance DNS name must be based on the instance + ID (resource-name). + enum: + - ip-name + - resource-name + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + oidcIdentityProviderConfig: + description: IdentityProviderconfig is used to specify the oidc provider + config to be attached with this eks cluster + properties: + clientId: + description: This is also known as audience. The ID for the client + application that makes authentication requests to the OpenID + identity provider. + type: string + groupsClaim: + description: The JWT claim that the provider uses to return your + groups. + type: string + groupsPrefix: + description: 'The prefix that is prepended to group claims to + prevent clashes with existing names (such as system: groups). + For example, the valueoidc: will create group names like oidc:engineering + and oidc:infra.' + type: string + identityProviderConfigName: + description: "The name of the OIDC provider configuration. \n + IdentityProviderConfigName is a required field" + type: string + issuerUrl: + description: The URL of the OpenID identity provider that allows + the API server to discover public signing keys for verifying + tokens. The URL must begin with https:// and should correspond + to the iss claim in the provider's OIDC ID tokens. Per the OIDC + standard, path components are allowed but query parameters are + not. Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. This URL should point to the level below + .well-known/openid-configuration and must be publicly accessible + over the internet. + type: string + requiredClaims: + additionalProperties: + type: string + description: The key value pairs that describe required claims + in the identity token. If set, each claim is verified to be + present in the token with a matching value. For the maximum + number of claims that you can require, see Amazon EKS service + quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + in the Amazon EKS User Guide. + type: object + tags: + additionalProperties: + type: string + description: tags to apply to oidc identity provider association + type: object + usernameClaim: + description: The JSON Web Token (JWT) claim to use as the username. + The default is sub, which is expected to be a unique identifier + of the end user. You can choose other claims, such as email + or name, depending on the OpenID identity provider. Claims other + than email are prefixed with the issuer URL to prevent naming + clashes with other plug-ins. + type: string + usernamePrefix: + description: The prefix that is prepended to username claims to + prevent clashes with existing names. If you do not provide this + field, and username is a value other than email, the prefix + defaults to issuerurl#. You can use the value - to disable all + prefixing. + type: string + type: object + partition: + description: Partition is the AWS security partition being used. Defaults + to "aws" + type: string + region: + description: The AWS Region the cluster lives in. + type: string + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the control plane role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role that gives EKS + permission to make API calls. If the role is pre-existing we will + treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM + feature flag is true and no name is supplied then a role is created. + minLength: 2 + type: string + secondaryCidrBlock: + description: SecondaryCidrBlock is the additional CIDR range to use + for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. + type: string + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the + bastion host. Valid values are empty string (do not use SSH keys), + a valid SSH key name, or omitted (use the default SSH key name) + type: string + tokenMethod: + default: iam-authenticator + description: TokenMethod is used to specify the method for obtaining + a client token for communicating with EKS iam-authenticator - obtains + a client token using iam-authentictor aws-cli - obtains a client + token using the AWS CLI Defaults to iam-authenticator + enum: + - iam-authenticator + - aws-cli + type: string + version: + description: Version defines the desired Kubernetes version. If no + version number is supplied then the latest version of Kubernetes + that EKS supports will be used. + minLength: 2 + pattern: ^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$ + type: string + vpcCni: + description: VpcCni is used to set configuration options for the VPC + CNI plugin + properties: + disable: + default: false + description: Disable indicates that the Amazon VPC CNI should + be disabled. With EKS clusters the Amazon VPC CNI is automatically + installed into the cluster. For clusters where you want to use + an alternate CNI this option provides a way to specify that + the Amazon VPC CNI should be deleted. You cannot set this to + true if you are using the Amazon VPC CNI addon. + type: boolean + env: + description: Env defines a list of environment variables to apply + to the `aws-node` DaemonSet + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + description: AWSManagedControlPlaneStatus defines the observed state of + an Amazon EKS Cluster. + properties: + addons: + description: Addons holds the current status of the EKS addons + items: + description: AddonState represents the state of an addon. + properties: + arn: + description: ARN is the AWS ARN of the addon + type: string + createdAt: + description: CreatedAt is the date and time the addon was created + at + format: date-time + type: string + issues: + description: Issues is a list of issue associated with the addon + items: + description: AddonIssue represents an issue with an addon. + properties: + code: + description: Code is the issue code + type: string + message: + description: Message is the textual description of the + issue + type: string + resourceIds: + description: ResourceIDs is a list of resource ids for + the issue + items: + type: string + type: array + type: object + type: array + modifiedAt: + description: ModifiedAt is the date and time the addon was last + modified + format: date-time + type: string + name: + description: Name is the name of the addon + type: string + serviceAccountRoleARN: + description: ServiceAccountRoleArn is the ARN of the IAM role + used for the service account + type: string + status: + description: Status is the status of the addon + type: string + version: + description: Version is the version of the addon to use + type: string + required: + - arn + - name + - version + type: object + type: array + bastion: + description: Bastion holds details of the instance that is used as + a bastion jump box + properties: + addresses: + description: Addresses contains the AWS instance associated addresses. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + description: Availability zone of instance + type: string + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is + enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with + the instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions is the metadata options for + the EC2 instance. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceState: + description: The current state of the instance. + type: string + networkInterfaces: + description: Specifies ENIs attached to instance + items: + type: string + type: array + nonRootVolumes: + description: Configuration options for the non root storage volumes. + items: + description: Volume encapsulates the configuration options for + the storage device. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by + the controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage + device. Must be greater than the image snapshot size or + 8 (whichever is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported + for the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + type: array + placementGroupName: + description: PlacementGroupName specifies the name of the placement + group in which to launch the instance. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, + if applicable. + type: string + rootVolume: + description: Configuration options for the root storage volume. + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs + this instance belongs to. + items: + type: string + type: array + spotMarketOptions: + description: SpotMarketOptions option for configuring instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: The name of the SSH key pair. + type: string + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + additionalProperties: + type: string + description: The tags associated with the instance. + type: object + tenancy: + description: Tenancy indicates if instance should run on shared + or single-tenant hardware. + type: string + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + volumeIDs: + description: IDs of the instance's volumes + items: + type: string + type: array + required: + - id + type: object + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + failureMessage: + description: ErrorMessage indicates that there is a terminal problem + reconciling the state, and will be set to a descriptive error message. + type: string + identityProviderStatus: + description: IdentityProviderStatus holds the status for associated + identity provider + properties: + arn: + description: ARN holds the ARN of associated identity provider + type: string + status: + description: Status holds current status of associated identity + provider + type: string + type: object + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + networkStatus: + description: Networks holds details about the AWS networking resources + used by the control plane + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + natGatewaysIPs: + description: NatGatewaysIPs contains the public IPs of the NAT + Gateways + items: + type: string + type: array + secondaryAPIServerELB: + description: SecondaryAPIServerELB is the secondary Kubernetes + api server load balancer. + properties: + arn: + description: ARN of the load balancer. Unlike the ClassicLB, + ARN is used mostly to define and get it. + type: string + attributes: + description: ClassicElbAttributes defines extra attributes + associated with the load balancer. + properties: + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing enables the classic + load balancer load balancing. + type: boolean + idleTimeout: + description: IdleTimeout is time that the connection is + allowed to be idle (no data has been sent over the connection) + before it is closed by the load balancer. + format: int64 + type: integer + type: object + availabilityZones: + description: AvailabilityZones is an array of availability + zones in the VPC attached to the load balancer. + items: + type: string + type: array + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + elbAttributes: + additionalProperties: + type: string + description: ELBAttributes defines extra attributes associated + with v2 load balancers. + type: object + elbListeners: + description: ELBListeners is an array of listeners associated + with the load balancer. There must be at least one. + items: + description: Listener defines an AWS network load balancer + listener. + properties: + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + targetGroup: + description: TargetGroupSpec specifies target group + settings for a given listener. This is created first, + and the ARN is then passed to the listener. + properties: + name: + description: Name of the TargetGroup. Must be unique + over the same group of listeners. + type: string + port: + description: Port is the exposed port + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + enum: + - tcp + - tls + - udp + - TCP + - TLS + - UDP + type: string + targetGroupHealthCheck: + description: HealthCheck is the elb health check + associated with the load balancer. + properties: + intervalSeconds: + format: int64 + type: integer + path: + type: string + port: + type: string + protocol: + type: string + thresholdCount: + format: int64 + type: integer + timeoutSeconds: + format: int64 + type: integer + type: object + vpcId: + type: string + required: + - name + - port + - protocol + - vpcId + type: object + required: + - port + - protocol + - targetGroup + type: object + type: array + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. + properties: + healthyThreshold: + format: int64 + type: integer + interval: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + target: + type: string + timeout: + description: A Duration represents the elapsed time between + two instants as an int64 nanosecond count. The representation + limits the largest representable duration to approximately + 290 years. + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - healthyThreshold + - interval + - target + - timeout + - unhealthyThreshold + type: object + listeners: + description: ClassicELBListeners is an array of classic elb + listeners associated with the load balancer. There must + be at least one. + items: + description: ClassicELBListener defines an AWS classic load + balancer listener. + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + port: + format: int64 + type: integer + protocol: + description: ELBProtocol defines listener protocols + for a load balancer. + type: string + required: + - instancePort + - instanceProtocol + - port + - protocol + type: object + type: array + loadBalancerType: + description: LoadBalancerType sets the type for a load balancer. + The default type is classic. + enum: + - classic + - elb + - alb + - nlb + type: string + name: + description: The name of the load balancer. It must be unique + within the set of load balancers defined in the region. + It also serves as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups + assigned to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the load + balancer. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an AWS security group. + properties: + id: + description: ID is a unique identifier. + type: string + ingressRule: + description: IngressRules is the inbound rules associated + with the security group. + items: + description: IngressRule defines an AWS ingress rule for + security groups. + properties: + cidrBlocks: + description: List of CIDR blocks to allow access from. + Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + description: + description: Description provides extended information + about the ingress rule. + type: string + fromPort: + description: FromPort is the start of port range. + format: int64 + type: integer + ipv6CidrBlocks: + description: List of IPv6 CIDR blocks to allow access + from. Cannot be specified with SourceSecurityGroupID. + items: + type: string + type: array + protocol: + description: Protocol is the protocol for the ingress + rule. Accepted values are "-1" (all), "4" (IP in + IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" + (ESP). + enum: + - "-1" + - "4" + - tcp + - udp + - icmp + - "58" + - "50" + type: string + sourceSecurityGroupIds: + description: The security group id to allow access + from. Cannot be specified with CidrBlocks. + items: + type: string + type: array + sourceSecurityGroupRoles: + description: The security group role to allow access + from. Cannot be specified with CidrBlocks. The field + will be combined with source security group IDs + if specified. + items: + description: SecurityGroupRole defines the unique + role of a security group. + enum: + - bastion + - node + - controlplane + - apiserver-lb + - lb + - node-eks-additional + type: string + type: array + toPort: + description: ToPort is the end of port range. + format: int64 + type: integer + required: + - description + - fromPort + - protocol + - toPort + type: object + type: array + name: + description: Name is the security group name. + type: string + tags: + additionalProperties: + type: string + description: Tags is a map of tags associated with the security + group. + type: object + required: + - id + - name + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + oidcProvider: + description: OIDCProvider holds the status of the identity provider + for this cluster + properties: + arn: + description: ARN holds the ARN of the provider + type: string + trustPolicy: + description: TrustPolicy contains the boilerplate IAM trust policy + to use for IRSA + type: string + type: object + ready: + default: false + description: Ready denotes that the AWSManagedControlPlane API Server + is ready to receive requests and that the VPC infra is ready. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: awsmanagedmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AWSManagedMachinePool + listKind: AWSManagedMachinePoolList + plural: awsmanagedmachinepools + shortNames: + - awsmmp + singular: awsmanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + description: AWSManagedMachinePool is the Schema for the awsmanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + amiType: + default: AL2_x86_64 + description: AMIType defines the AMI type + enum: + - AL2_x86_64 + - AL2_x86_64_GPU + - AL2_ARM_64 + - CUSTOM + type: string + amiVersion: + description: AMIVersion defines the desired AMI release version. If + no version number is supplied then the latest version for the Kubernetes + version will be used + minLength: 2 + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template to use + to create the managed node group. If AWSLaunchTemplate is specified, + certain node group configuraions outside of launch template are + prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityType: + default: onDemand + description: CapacityType specifies the capacity type for the ASG + behind this pool + enum: + - onDemand + - spot + type: string + diskSize: + description: DiskSize specifies the root disk size + format: int32 + type: integer + eksNodegroupName: + description: EKSNodegroupName specifies the name of the nodegroup + in AWS corresponding to this MachinePool. If you don't specify a + name then a default name will be created based on the namespace + and name of the managed machine pool. + type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + autoscaling group corresponding to the nodegroup represented by + this machine pool + items: + type: string + type: array + remoteAccess: + description: RemoteAccess specifies how machines can be accessed remotely + properties: + public: + description: Public specifies whether to open port 22 to the public + internet + type: boolean + sourceSecurityGroups: + description: SourceSecurityGroups specifies which security groups + are allowed access + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies which EC2 SSH key can be used + to access machines. If left empty, the key from the control + plane is used. + type: string + type: object + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the node group role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role for the node + group. If the role is pre-existing we will treat it as unmanaged + and not delete it on deletion. If the EKSEnableIAM feature flag + is true and no name is supplied then a role is created. + type: string + scaling: + description: Scaling specifies scaling for the ASG behind this pool + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup + items: + type: string + type: array + taints: + description: Taints specifies the taints to apply to the nodes of + the machine pool + items: + description: Taint defines the specs for a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - no-schedule + - no-execute + - prefer-no-schedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + updateConfig: + description: UpdateConfig holds the optional config to control the + behaviour of the update to the nodegroup. + properties: + maxUnavailable: + description: MaxUnavailable is the maximum number of nodes unavailable + at once during a version update. Nodes will be updated in parallel. + The maximum number is 100. + maximum: 100 + minimum: 1 + type: integer + maxUnavailablePrecentage: + description: MaxUnavailablePercentage is the maximum percentage + of nodes unavailable during a version update. This percentage + of nodes will be updated in parallel, up to 100 nodes at once. + maximum: 100 + minimum: 1 + type: integer + type: object + type: object + status: + description: AWSManagedMachinePoolStatus defines the observed state of + AWSManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + default: false + description: Ready denotes that the AWSManagedMachinePool nodegroup + has joined the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta2 + schema: + openAPIV3Schema: + description: AWSManagedMachinePool is the Schema for the awsmanagedmachinepools + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to AWS + resources managed by the AWS provider, in addition to the ones added + by default. + type: object + amiType: + default: AL2_x86_64 + description: AMIType defines the AMI type + enum: + - AL2_x86_64 + - AL2_x86_64_GPU + - AL2_ARM_64 + - CUSTOM + type: string + amiVersion: + description: AMIVersion defines the desired AMI release version. If + no version number is supplied then the latest version for the Kubernetes + version will be used + minLength: 2 + type: string + availabilityZoneSubnetType: + description: AvailabilityZoneSubnetType specifies which type of subnets + to use when an availability zone is specified. + enum: + - public + - private + - all + type: string + availabilityZones: + description: AvailabilityZones is an array of availability zones instances + can run in + items: + type: string + type: array + awsLaunchTemplate: + description: AWSLaunchTemplate specifies the launch template to use + to create the managed node group. If AWSLaunchTemplate is specified, + certain node group configuraions outside of launch template are + prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references + to security groups that should be applied to the instances. + These security groups would be set in addition to any security + groups defined at the cluster level or in the actuator. + items: + description: AWSResourceReference is a reference to a specific + AWS resource by ID or filters. Only one of ID or Filters may + be specified. Specifying more than one will result in a validation + error. + properties: + filters: + description: 'Filters is a set of key/value pairs used to + identify a resource They are applied according to the + rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + description: Filter is a filter used to identify an AWS + resource. + properties: + name: + description: Name of the filter. Filter names are + case-sensitive. + type: string + values: + description: Values includes one or more filter values. + Filter values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + ami: + description: AMI is the reference to the AMI from which to create + the machine instance. + properties: + eksLookupType: + description: EKSOptimizedLookupType If specified, will look + up an EKS Optimized image in SSM Parameter store + enum: + - AmazonLinux + - AmazonLinuxGPU + type: string + id: + description: ID of resource + type: string + type: object + iamInstanceProfile: + description: The name or the Amazon Resource Name (ARN) of the + instance profile associated with the IAM role for the instance. + The instance profile contains the IAM role. + type: string + imageLookupBaseOS: + description: ImageLookupBaseOS is the name of the base operating + system to use for image lookup the AMI is not set. + type: string + imageLookupFormat: + description: 'ImageLookupFormat is the AMI naming format to look + up the image for this machine It will be ignored if an explicit + AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} + with the base OS and kubernetes version, respectively. The BaseOS + will be the value in ImageLookupBaseOS or ubuntu (the default), + and the kubernetes version as defined by the packages produced + by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, + or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* + will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* + for a Machine that is targeting kubernetes v1.18.0 and the ubuntu + base OS. See also: https://golang.org/pkg/text/template/' + type: string + imageLookupOrg: + description: ImageLookupOrg is the AWS Organization ID to use + for image lookup if AMI is not set. + type: string + instanceMetadataOptions: + description: InstanceMetadataOptions defines the behavior for + applying metadata to instances. + properties: + httpEndpoint: + default: enabled + description: "Enables or disables the HTTP metadata endpoint + on your instances. \n If you specify a value of disabled, + you cannot access your instance metadata. \n Default: enabled" + enum: + - enabled + - disabled + type: string + httpPutResponseHopLimit: + default: 1 + description: "The desired HTTP PUT response hop limit for + instance metadata requests. The larger the number, the further + instance metadata requests can travel. \n Default: 1" + format: int64 + maximum: 64 + minimum: 1 + type: integer + httpTokens: + default: optional + description: "The state of token usage for your instance metadata + requests. \n If the state is optional, you can choose to + retrieve instance metadata with or without a session token + on your request. If you retrieve the IAM role credentials + without a token, the version 1.0 role credentials are returned. + If you retrieve the IAM role credentials using a valid session + token, the version 2.0 role credentials are returned. \n + If the state is required, you must send a session token + with any instance metadata retrieval requests. In this state, + retrieving the IAM role credentials always returns the version + 2.0 credentials; the version 1.0 credentials are not available. + \n Default: optional" + enum: + - optional + - required + type: string + instanceMetadataTags: + default: disabled + description: "Set to enabled to allow access to instance tags + from the instance metadata. Set to disabled to turn off + access to instance tags from the instance metadata. For + more information, see Work with instance tags using the + instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). + \n Default: disabled" + enum: + - enabled + - disabled + type: string + type: object + instanceType: + description: 'InstanceType is the type of instance to create. + Example: m4.xlarge' + type: string + name: + description: The name of the launch template. + type: string + privateDnsName: + description: PrivateDNSName is the options for the instance hostname. + properties: + enableResourceNameDnsAAAARecord: + description: EnableResourceNameDNSAAAARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + AAAA records. + type: boolean + enableResourceNameDnsARecord: + description: EnableResourceNameDNSARecord indicates whether + to respond to DNS queries for instance hostnames with DNS + A records. + type: boolean + hostnameType: + description: The type of hostname to assign to an instance. + enum: + - ip-name + - resource-name + type: string + type: object + rootVolume: + description: RootVolume encapsulates the configuration options + for the root volume + properties: + deviceName: + description: Device name + type: string + encrypted: + description: Encrypted is whether the volume should be encrypted + or not. + type: boolean + encryptionKey: + description: EncryptionKey is the KMS key to use to encrypt + the volume. Can be either a KMS key ID or ARN. If Encrypted + is set and this is omitted, the default AWS key will be + used. The key must already exist and be accessible by the + controller. + type: string + iops: + description: IOPS is the number of IOPS requested for the + disk. Not applicable to all types. + format: int64 + type: integer + size: + description: Size specifies size (in Gi) of the storage device. + Must be greater than the image snapshot size or 8 (whichever + is greater). + format: int64 + minimum: 8 + type: integer + throughput: + description: Throughput to provision in MiB/s supported for + the volume type. Not applicable to all types. + format: int64 + type: integer + type: + description: Type is the type of the volume (e.g. gp2, io1, + etc...). + type: string + required: + - size + type: object + spotMarketOptions: + description: SpotMarketOptions are options for configuring AWSMachinePool + instances to be run using AWS Spot instances. + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + type: string + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to + the instance. Valid values are empty string (do not use SSH + keys), a valid SSH key name, or omitted (use the default SSH + key name) + type: string + versionNumber: + description: 'VersionNumber is the version of the launch template + that is applied. Typically a new version is created when at + least one of the following happens: 1) A new launch template + spec is applied. 2) One or more parameters in an existing template + is changed. 3) A new AMI is discovered.' + format: int64 + type: integer + type: object + capacityType: + default: onDemand + description: CapacityType specifies the capacity type for the ASG + behind this pool + enum: + - onDemand + - spot + type: string + diskSize: + description: DiskSize specifies the root disk size + format: int32 + type: integer + eksNodegroupName: + description: EKSNodegroupName specifies the name of the nodegroup + in AWS corresponding to this MachinePool. If you don't specify a + name then a default name will be created based on the namespace + and name of the managed machine pool. + type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + providerIDList: + description: ProviderIDList are the provider IDs of instances in the + autoscaling group corresponding to the nodegroup represented by + this machine pool + items: + type: string + type: array + remoteAccess: + description: RemoteAccess specifies how machines can be accessed remotely + properties: + public: + description: Public specifies whether to open port 22 to the public + internet + type: boolean + sourceSecurityGroups: + description: SourceSecurityGroups specifies which security groups + are allowed access + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies which EC2 SSH key can be used + to access machines. If left empty, the key from the control + plane is used. + type: string + type: object + roleAdditionalPolicies: + description: RoleAdditionalPolicies allows you to attach additional + polices to the node group role. You must enable the EKSAllowAddRoles + feature flag to incorporate these into the created role. + items: + type: string + type: array + roleName: + description: RoleName specifies the name of IAM role for the node + group. If the role is pre-existing we will treat it as unmanaged + and not delete it on deletion. If the EKSEnableIAM feature flag + is true and no name is supplied then a role is created. + type: string + scaling: + description: Scaling specifies scaling for the ASG behind this pool + properties: + maxSize: + format: int32 + type: integer + minSize: + format: int32 + type: integer + type: object + subnetIDs: + description: SubnetIDs specifies which subnets are used for the auto + scaling group of this nodegroup + items: + type: string + type: array + taints: + description: Taints specifies the taints to apply to the nodes of + the machine pool + items: + description: Taint defines the specs for a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint + enum: + - no-schedule + - no-execute + - prefer-no-schedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + updateConfig: + description: UpdateConfig holds the optional config to control the + behaviour of the update to the nodegroup. + properties: + maxUnavailable: + description: MaxUnavailable is the maximum number of nodes unavailable + at once during a version update. Nodes will be updated in parallel. + The maximum number is 100. + maximum: 100 + minimum: 1 + type: integer + maxUnavailablePercentage: + description: MaxUnavailablePercentage is the maximum percentage + of nodes unavailable during a version update. This percentage + of nodes will be updated in parallel, up to 100 nodes at once. + maximum: 100 + minimum: 1 + type: integer + type: object + type: object + status: + description: AWSManagedMachinePoolStatus defines the observed state of + AWSManagedMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + launchTemplateID: + description: The ID of the launch template + type: string + launchTemplateVersion: + description: The version of the launch template + type: string + ready: + default: false + description: Ready denotes that the AWSManagedMachinePool nodegroup + has joined the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: eksconfigs.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: EKSConfig + listKind: EKSConfigList + plural: eksconfigs + shortNames: + - eksc + singular: eksconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Bootstrap configuration is ready + jsonPath: .status.ready + name: Ready + type: string + - description: Name of Secret containing bootstrap data + jsonPath: .status.dataSecretName + name: DataSecretName + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: EKSConfig is the schema for the Amazon EKS Machine Bootstrap + Configuration API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigSpec defines the desired state of Amazon EKS Bootstrap + Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts for + AWS API call. + type: integer + containerRuntime: + description: ContainerRuntime specify the container runtime to use + when bootstrapping EKS. + type: string + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use for DNS + queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of the /etc/docker/daemon.json + file. Useful if you want a custom config differing from the default + one in the AMI. This is expected to be a json string. + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet args into + the Amazon EKS machine bootstrap script + type: object + pauseContainer: + description: PauseContainer allows customization of the pause container + to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to pull the + pause container from. + type: string + version: + description: Version is the tag of the pause container to use. + type: string + required: + - accountNumber + - version + type: object + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the cluster. + If this is specified then the ip family will be set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when true. + type: boolean + type: object + status: + description: EKSConfigStatus defines the observed state of the Amazon + EKS Bootstrap Configuration. + properties: + conditions: + description: Conditions defines current service state of the EKSConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData secret is ready to + be consumed + type: boolean + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Bootstrap configuration is ready + jsonPath: .status.ready + name: Ready + type: string + - description: Name of Secret containing bootstrap data + jsonPath: .status.dataSecretName + name: DataSecretName + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: EKSConfig is the schema for the Amazon EKS Machine Bootstrap + Configuration API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigSpec defines the desired state of Amazon EKS Bootstrap + Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts for + AWS API call. + type: integer + boostrapCommandOverride: + description: BootstrapCommandOverride allows you to override the bootstrap + command to use for EKS nodes. + type: string + containerRuntime: + description: ContainerRuntime specify the container runtime to use + when bootstrapping EKS. + type: string + diskSetup: + description: DiskSetup specifies options for the creation of partition + tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems to + setup. + items: + description: Filesystem defines the file systems to be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to add to the + command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system type. + type: string + label: + description: Label specifies the file system label to be + used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to overwrite + any existing filesystem. If true, any pre-existing file + system will be destroyed. Use with Caution. + type: boolean + partition: + description: 'Partition specifies the partition to use. + The valid options are: "auto|any", "auto", "any", "none", + and , where NUM is the actual partition number.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions to + setup. + items: + description: Partition defines how to create and layout a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. If it is + true, a single partition will be created for the entire + device. When layout is false, it means don't partition + or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip checks + and create the partition if a partition or filesystem + is found on the device. Use with caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default and + setups a MS-DOS partition table ''gpt'': setups a GPT + partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use for DNS + queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of the /etc/docker/daemon.json + file. Useful if you want a custom config differing from the default + one in the AMI. This is expected to be a json string. + type: string + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + append: + description: Append specifies whether to append Content to existing + file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: Secret represents a secret that should populate + this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet args into + the Amazon EKS machine bootstrap script + type: object + mounts: + description: Mounts specifies a list of mount points to be setup. + items: + description: MountPoints defines input for generated mounts in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + pauseContainer: + description: PauseContainer allows customization of the pause container + to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to pull the + pause container from. + type: string + version: + description: Version is the tag of the pause container to use. + type: string + required: + - accountNumber + - version + type: object + postBootstrapCommands: + description: PostBootstrapCommands specifies extra commands to run + after bootstrapping nodes to the cluster + items: + type: string + type: array + preBootstrapCommands: + description: PreBootstrapCommands specifies extra commands to run + before bootstrapping nodes to the cluster + items: + type: string + type: array + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the cluster. + If this is specified then the ip family will be set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when true. + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the user + type: string + groups: + description: Groups specifies the additional groups for the + user + type: string + homeDir: + description: HomeDir specifies the home directory to use for + the user + type: string + inactive: + description: Inactive specifies whether to mark the user as + inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login should + be disabled + type: boolean + name: + description: Name specifies the username + type: string + passwd: + description: Passwd specifies a hashed password for the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd to + populate the passwd. + properties: + secret: + description: Secret represents a secret that should populate + this password. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group for the + user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh authorized + keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + type: object + status: + description: EKSConfigStatus defines the observed state of the Amazon + EKS Bootstrap Configuration. + properties: + conditions: + description: Conditions defines current service state of the EKSConfig. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors + type: string + failureReason: + description: FailureReason will be set on non-retryable errors + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData secret is ready to + be consumed + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: eksconfigtemplates.bootstrap.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capa-webhook-service + namespace: capa-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: EKSConfigTemplate + listKind: EKSConfigTemplateList + plural: eksconfigtemplates + shortNames: + - eksct + singular: eksconfigtemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigTemplateSpec defines the desired state of templated + EKSConfig Amazon EKS Bootstrap Configuration resources. + properties: + template: + description: EKSConfigTemplateResource defines the Template structure. + properties: + spec: + description: EKSConfigSpec defines the desired state of Amazon + EKS Bootstrap Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts + for AWS API call. + type: integer + containerRuntime: + description: ContainerRuntime specify the container runtime + to use when bootstrapping EKS. + type: string + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use + for DNS queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of + the /etc/docker/daemon.json file. Useful if you want a custom + config differing from the default one in the AMI. This is + expected to be a json string. + type: string + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet + args into the Amazon EKS machine bootstrap script + type: object + pauseContainer: + description: PauseContainer allows customization of the pause + container to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to + pull the pause container from. + type: string + version: + description: Version is the tag of the pause container + to use. + type: string + required: + - accountNumber + - version + type: object + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the + cluster. If this is specified then the ip family will be + set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when + true. + type: boolean + type: object + type: object + required: + - template + type: object + type: object + served: false + storage: false + - name: v1beta2 + schema: + openAPIV3Schema: + description: EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EKSConfigTemplateSpec defines the desired state of templated + EKSConfig Amazon EKS Bootstrap Configuration resources. + properties: + template: + description: EKSConfigTemplateResource defines the Template structure. + properties: + spec: + description: EKSConfigSpec defines the desired state of Amazon + EKS Bootstrap Configuration. + properties: + apiRetryAttempts: + description: APIRetryAttempts is the number of retry attempts + for AWS API call. + type: integer + boostrapCommandOverride: + description: BootstrapCommandOverride allows you to override + the bootstrap command to use for EKS nodes. + type: string + containerRuntime: + description: ContainerRuntime specify the container runtime + to use when bootstrapping EKS. + type: string + diskSetup: + description: DiskSetup specifies options for the creation + of partition tables and file systems on devices. + properties: + filesystems: + description: Filesystems specifies the list of file systems + to setup. + items: + description: Filesystem defines the file systems to + be created. + properties: + device: + description: Device specifies the device name + type: string + extraOpts: + description: ExtraOpts defined extra options to + add to the command for creating the file system. + items: + type: string + type: array + filesystem: + description: Filesystem specifies the file system + type. + type: string + label: + description: Label specifies the file system label + to be used. If set to None, no label is used. + type: string + overwrite: + description: Overwrite defines whether or not to + overwrite any existing filesystem. If true, any + pre-existing file system will be destroyed. Use + with Caution. + type: boolean + partition: + description: 'Partition specifies the partition + to use. The valid options are: "auto|any", "auto", + "any", "none", and , where NUM is the actual + partition number.' + type: string + required: + - device + - filesystem + - label + type: object + type: array + partitions: + description: Partitions specifies the list of the partitions + to setup. + items: + description: Partition defines how to create and layout + a partition. + properties: + device: + description: Device is the name of the device. + type: string + layout: + description: Layout specifies the device layout. + If it is true, a single partition will be created + for the entire device. When layout is false, it + means don't partition or ignore existing partitioning. + type: boolean + overwrite: + description: Overwrite describes whether to skip + checks and create the partition if a partition + or filesystem is found on the device. Use with + caution. Default is 'false'. + type: boolean + tableType: + description: 'TableType specifies the tupe of partition + table. The following are supported: ''mbr'': default + and setups a MS-DOS partition table ''gpt'': setups + a GPT partition table' + type: string + required: + - device + - layout + type: object + type: array + type: object + dnsClusterIP: + description: DNSClusterIP overrides the IP address to use + for DNS queries within the cluster. + type: string + dockerConfigJson: + description: DockerConfigJson is used for the contents of + the /etc/docker/daemon.json file. Useful if you want a custom + config differing from the default one in the AMI. This is + expected to be a json string. + type: string + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + append: + description: Append specifies whether to append Content + to existing file if Path exists. + type: boolean + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: Secret represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + kubeletExtraArgs: + additionalProperties: + type: string + description: KubeletExtraArgs passes the specified kubelet + args into the Amazon EKS machine bootstrap script + type: object + mounts: + description: Mounts specifies a list of mount points to be + setup. + items: + description: MountPoints defines input for generated mounts + in cloud-init. + items: + type: string + type: array + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + pauseContainer: + description: PauseContainer allows customization of the pause + container to use. + properties: + accountNumber: + description: AccountNumber is the AWS account number to + pull the pause container from. + type: string + version: + description: Version is the tag of the pause container + to use. + type: string + required: + - accountNumber + - version + type: object + postBootstrapCommands: + description: PostBootstrapCommands specifies extra commands + to run after bootstrapping nodes to the cluster + items: + type: string + type: array + preBootstrapCommands: + description: PreBootstrapCommands specifies extra commands + to run before bootstrapping nodes to the cluster + items: + type: string + type: array + serviceIPV6Cidr: + description: ServiceIPV6Cidr is the ipv6 cidr range of the + cluster. If this is specified then the ip family will be + set to ipv6. + type: string + useMaxPods: + description: UseMaxPods sets --max-pods for the kubelet when + true. + type: boolean + users: + description: Users specifies extra users to add + items: + description: User defines the input for a generated user + in cloud-init. + properties: + gecos: + description: Gecos specifies the gecos to use for the + user + type: string + groups: + description: Groups specifies the additional groups + for the user + type: string + homeDir: + description: HomeDir specifies the home directory to + use for the user + type: string + inactive: + description: Inactive specifies whether to mark the + user as inactive + type: boolean + lockPassword: + description: LockPassword specifies if password login + should be disabled + type: boolean + name: + description: Name specifies the username + type: string + passwd: + description: Passwd specifies a hashed password for + the user + type: string + passwdFrom: + description: PasswdFrom is a referenced source of passwd + to populate the passwd. + properties: + secret: + description: Secret represents a secret that should + populate this password. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the KubeadmBootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + primaryGroup: + description: PrimaryGroup specifies the primary group + for the user + type: string + shell: + description: Shell specifies the user's shell + type: string + sshAuthorizedKeys: + description: SSHAuthorizedKeys specifies a list of ssh + authorized keys for the user + items: + type: string + type: array + sudo: + description: Sudo specifies a sudo role for the user + type: string + required: + - name + type: object + type: array + type: object + type: object + required: + - template + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: rosaclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ROSACluster + listKind: ROSAClusterList + plural: rosaclusters + shortNames: + - rosac + singular: rosacluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this AWSManagedControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + - description: API Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: ROSAClusterStatus defines the observed state of ROSACluster + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains specifies a list fo available availability + zones that can be used + type: object + ready: + description: Ready is when the ROSAControlPlane has a API server URL. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: rosacontrolplanes.controlplane.cluster.x-k8s.io +spec: + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ROSAControlPlane + listKind: ROSAControlPlaneList + plural: rosacontrolplanes + shortNames: + - rosacp + singular: rosacontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this RosaControl belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane infrastructure is ready for worker nodes + jsonPath: .status.ready + name: Ready + type: string + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Autoscaling specifies auto scaling behaviour for the + MachinePools. + properties: + maxReplicas: + minimum: 1 + type: integer + minReplicas: + minimum: 1 + type: integer + type: object + availabilityZones: + description: AWS AvailabilityZones of the worker nodes should match + the AvailabilityZones of the Subnets. + items: + type: string + type: array + billingAccount: + description: BillingAccount is an optional AWS account to use for + billing the subscription fees for ROSA clusters. The cost of running + each ROSA cluster will be billed to the infrastructure account in + which the cluster is running. + type: string + x-kubernetes-validations: + - message: billingAccount is immutable + rule: self == oldSelf + - message: billingAccount must be a valid AWS account ID + rule: self.matches('^[0-9]{12}$') + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + credentialsSecretRef: + description: 'CredentialsSecretRef references a secret with necessary + credentials to connect to the OCM API. The secret should contain + the following data keys: - ocmToken: eyJhbGciOiJIUzI1NiIsI.... - + ocmApiUrl: Optional, defaults to ''https://api.openshift.com''' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + identityRef: + description: IdentityRef is a reference to an identity to be used + when reconciling the managed control plane. If no identity is specified, + the default identity for this controller will be used. + properties: + kind: + description: Kind of the identity. + enum: + - AWSClusterControllerIdentity + - AWSClusterRoleIdentity + - AWSClusterStaticIdentity + type: string + name: + description: Name of the identity. + minLength: 1 + type: string + required: + - kind + - name + type: object + installerRoleARN: + description: 'TODO: these are to satisfy ocm sdk. Explore how to drop + them.' + type: string + instanceType: + description: The instance type to use, for example `r5.xlarge`. Instance + type ref; https://aws.amazon.com/ec2/instance-types/ + type: string + network: + description: Network config for the ROSA HCP cluster. + properties: + hostPrefix: + default: 23 + description: Network host prefix which is defaulted to `23` if + not specified. + type: integer + machineCIDR: + description: IP addresses block used by OpenShift while installing + the cluster, for example "10.0.0.0/16". + format: cidr + type: string + networkType: + default: OVNKubernetes + description: The CNI network type default is OVNKubernetes. + enum: + - OVNKubernetes + - Other + type: string + podCIDR: + description: IP address block from which to assign pod IP addresses, + for example `10.128.0.0/14`. + format: cidr + type: string + serviceCIDR: + description: IP address block from which to assign service IP + addresses, for example `172.30.0.0/16`. + format: cidr + type: string + type: object + oidcID: + description: The ID of the OpenID Connect Provider. + type: string + region: + description: The AWS Region the cluster lives in. + type: string + rolesRef: + description: AWS IAM roles used to perform credential requests by + the openshift operators. + properties: + controlPlaneOperatorARN: + description: "ControlPlaneOperatorARN is an ARN value referencing + a role appropriate for the Control Plane Operator. \n The following + is an example of a valid policy document: \n { \"Version\": + \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": + [ \"ec2:CreateVpcEndpoint\", \"ec2:DescribeVpcEndpoints\", \"ec2:ModifyVpcEndpoint\", + \"ec2:DeleteVpcEndpoints\", \"ec2:CreateTags\", \"route53:ListHostedZones\", + \"ec2:CreateSecurityGroup\", \"ec2:AuthorizeSecurityGroupIngress\", + \"ec2:AuthorizeSecurityGroupEgress\", \"ec2:DeleteSecurityGroup\", + \"ec2:RevokeSecurityGroupIngress\", \"ec2:RevokeSecurityGroupEgress\", + \"ec2:DescribeSecurityGroups\", \"ec2:DescribeVpcs\", ], \"Resource\": + \"*\" }, { \"Effect\": \"Allow\", \"Action\": [ \"route53:ChangeResourceRecordSets\", + \"route53:ListResourceRecordSets\" ], \"Resource\": \"arn:aws:route53:::%s\" + } ] }" + type: string + imageRegistryARN: + description: "ImageRegistryARN is an ARN value referencing a role + appropriate for the Image Registry Operator. \n The following + is an example of a valid policy document: \n { \"Version\": + \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": + [ \"s3:CreateBucket\", \"s3:DeleteBucket\", \"s3:PutBucketTagging\", + \"s3:GetBucketTagging\", \"s3:PutBucketPublicAccessBlock\", + \"s3:GetBucketPublicAccessBlock\", \"s3:PutEncryptionConfiguration\", + \"s3:GetEncryptionConfiguration\", \"s3:PutLifecycleConfiguration\", + \"s3:GetLifecycleConfiguration\", \"s3:GetBucketLocation\", + \"s3:ListBucket\", \"s3:GetObject\", \"s3:PutObject\", \"s3:DeleteObject\", + \"s3:ListBucketMultipartUploads\", \"s3:AbortMultipartUpload\", + \"s3:ListMultipartUploadParts\" ], \"Resource\": \"*\" } ] }" + type: string + ingressARN: + description: "The referenced role must have a trust relationship + that allows it to be assumed via web identity. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html. + Example: { \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": + \"Allow\", \"Principal\": { \"Federated\": \"{{ .ProviderARN + }}\" }, \"Action\": \"sts:AssumeRoleWithWebIdentity\", \"Condition\": + { \"StringEquals\": { \"{{ .ProviderName }}:sub\": {{ .ServiceAccounts + }} } } } ] } \n IngressARN is an ARN value referencing a role + appropriate for the Ingress Operator. \n The following is an + example of a valid policy document: \n { \"Version\": \"2012-10-17\", + \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": [ \"elasticloadbalancing:DescribeLoadBalancers\", + \"tag:GetResources\", \"route53:ListHostedZones\" ], \"Resource\": + \"*\" }, { \"Effect\": \"Allow\", \"Action\": [ \"route53:ChangeResourceRecordSets\" + ], \"Resource\": [ \"arn:aws:route53:::PUBLIC_ZONE_ID\", \"arn:aws:route53:::PRIVATE_ZONE_ID\" + ] } ] }" + type: string + kmsProviderARN: + type: string + kubeCloudControllerARN: + description: "KubeCloudControllerARN is an ARN value referencing + a role appropriate for the KCM/KCC. Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies + \n The following is an example of a valid policy document: \n + { \"Version\": \"2012-10-17\", \"Statement\": [ { \"Action\": + [ \"autoscaling:DescribeAutoScalingGroups\", \"autoscaling:DescribeLaunchConfigurations\", + \"autoscaling:DescribeTags\", \"ec2:DescribeAvailabilityZones\", + \"ec2:DescribeInstances\", \"ec2:DescribeImages\", \"ec2:DescribeRegions\", + \"ec2:DescribeRouteTables\", \"ec2:DescribeSecurityGroups\", + \"ec2:DescribeSubnets\", \"ec2:DescribeVolumes\", \"ec2:CreateSecurityGroup\", + \"ec2:CreateTags\", \"ec2:CreateVolume\", \"ec2:ModifyInstanceAttribute\", + \"ec2:ModifyVolume\", \"ec2:AttachVolume\", \"ec2:AuthorizeSecurityGroupIngress\", + \"ec2:CreateRoute\", \"ec2:DeleteRoute\", \"ec2:DeleteSecurityGroup\", + \"ec2:DeleteVolume\", \"ec2:DetachVolume\", \"ec2:RevokeSecurityGroupIngress\", + \"ec2:DescribeVpcs\", \"elasticloadbalancing:AddTags\", \"elasticloadbalancing:AttachLoadBalancerToSubnets\", + \"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer\", + \"elasticloadbalancing:CreateLoadBalancer\", \"elasticloadbalancing:CreateLoadBalancerPolicy\", + \"elasticloadbalancing:CreateLoadBalancerListeners\", \"elasticloadbalancing:ConfigureHealthCheck\", + \"elasticloadbalancing:DeleteLoadBalancer\", \"elasticloadbalancing:DeleteLoadBalancerListeners\", + \"elasticloadbalancing:DescribeLoadBalancers\", \"elasticloadbalancing:DescribeLoadBalancerAttributes\", + \"elasticloadbalancing:DetachLoadBalancerFromSubnets\", \"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\", + \"elasticloadbalancing:ModifyLoadBalancerAttributes\", \"elasticloadbalancing:RegisterInstancesWithLoadBalancer\", + \"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer\", + \"elasticloadbalancing:AddTags\", \"elasticloadbalancing:CreateListener\", + \"elasticloadbalancing:CreateTargetGroup\", \"elasticloadbalancing:DeleteListener\", + \"elasticloadbalancing:DeleteTargetGroup\", \"elasticloadbalancing:DeregisterTargets\", + \"elasticloadbalancing:DescribeListeners\", \"elasticloadbalancing:DescribeLoadBalancerPolicies\", + \"elasticloadbalancing:DescribeTargetGroups\", \"elasticloadbalancing:DescribeTargetHealth\", + \"elasticloadbalancing:ModifyListener\", \"elasticloadbalancing:ModifyTargetGroup\", + \"elasticloadbalancing:RegisterTargets\", \"elasticloadbalancing:SetLoadBalancerPoliciesOfListener\", + \"iam:CreateServiceLinkedRole\", \"kms:DescribeKey\" ], \"Resource\": + [ \"*\" ], \"Effect\": \"Allow\" } ] }" + type: string + networkARN: + description: "NetworkARN is an ARN value referencing a role appropriate + for the Network Operator. \n The following is an example of + a valid policy document: \n { \"Version\": \"2012-10-17\", \"Statement\": + [ { \"Effect\": \"Allow\", \"Action\": [ \"ec2:DescribeInstances\", + \"ec2:DescribeInstanceStatus\", \"ec2:DescribeInstanceTypes\", + \"ec2:UnassignPrivateIpAddresses\", \"ec2:AssignPrivateIpAddresses\", + \"ec2:UnassignIpv6Addresses\", \"ec2:AssignIpv6Addresses\", + \"ec2:DescribeSubnets\", \"ec2:DescribeNetworkInterfaces\" ], + \"Resource\": \"*\" } ] }" + type: string + nodePoolManagementARN: + description: "NodePoolManagementARN is an ARN value referencing + a role appropriate for the CAPI Controller. \n The following + is an example of a valid policy document: \n { \"Version\": + \"2012-10-17\", \"Statement\": [ { \"Action\": [ \"ec2:AssociateRouteTable\", + \"ec2:AttachInternetGateway\", \"ec2:AuthorizeSecurityGroupIngress\", + \"ec2:CreateInternetGateway\", \"ec2:CreateNatGateway\", \"ec2:CreateRoute\", + \"ec2:CreateRouteTable\", \"ec2:CreateSecurityGroup\", \"ec2:CreateSubnet\", + \"ec2:CreateTags\", \"ec2:DeleteInternetGateway\", \"ec2:DeleteNatGateway\", + \"ec2:DeleteRouteTable\", \"ec2:DeleteSecurityGroup\", \"ec2:DeleteSubnet\", + \"ec2:DeleteTags\", \"ec2:DescribeAccountAttributes\", \"ec2:DescribeAddresses\", + \"ec2:DescribeAvailabilityZones\", \"ec2:DescribeImages\", \"ec2:DescribeInstances\", + \"ec2:DescribeInternetGateways\", \"ec2:DescribeNatGateways\", + \"ec2:DescribeNetworkInterfaces\", \"ec2:DescribeNetworkInterfaceAttribute\", + \"ec2:DescribeRouteTables\", \"ec2:DescribeSecurityGroups\", + \"ec2:DescribeSubnets\", \"ec2:DescribeVpcs\", \"ec2:DescribeVpcAttribute\", + \"ec2:DescribeVolumes\", \"ec2:DetachInternetGateway\", \"ec2:DisassociateRouteTable\", + \"ec2:DisassociateAddress\", \"ec2:ModifyInstanceAttribute\", + \"ec2:ModifyNetworkInterfaceAttribute\", \"ec2:ModifySubnetAttribute\", + \"ec2:RevokeSecurityGroupIngress\", \"ec2:RunInstances\", \"ec2:TerminateInstances\", + \"tag:GetResources\", \"ec2:CreateLaunchTemplate\", \"ec2:CreateLaunchTemplateVersion\", + \"ec2:DescribeLaunchTemplates\", \"ec2:DescribeLaunchTemplateVersions\", + \"ec2:DeleteLaunchTemplate\", \"ec2:DeleteLaunchTemplateVersions\" + ], \"Resource\": [ \"*\" ], \"Effect\": \"Allow\" }, { \"Condition\": + { \"StringLike\": { \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\" + } }, \"Action\": [ \"iam:CreateServiceLinkedRole\" ], \"Resource\": + [ \"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\" + ], \"Effect\": \"Allow\" }, { \"Action\": [ \"iam:PassRole\" + ], \"Resource\": [ \"arn:*:iam::*:role/*-worker-role\" ], \"Effect\": + \"Allow\" }, { \"Effect\": \"Allow\", \"Action\": [ \"kms:Decrypt\", + \"kms:ReEncrypt\", \"kms:GenerateDataKeyWithoutPlainText\", + \"kms:DescribeKey\" ], \"Resource\": \"*\" }, { \"Effect\": + \"Allow\", \"Action\": [ \"kms:CreateGrant\" ], \"Resource\": + \"*\", \"Condition\": { \"Bool\": { \"kms:GrantIsForAWSResource\": + true } } } ] }" + type: string + storageARN: + description: "StorageARN is an ARN value referencing a role appropriate + for the Storage Operator. \n The following is an example of + a valid policy document: \n { \"Version\": \"2012-10-17\", \"Statement\": + [ { \"Effect\": \"Allow\", \"Action\": [ \"ec2:AttachVolume\", + \"ec2:CreateSnapshot\", \"ec2:CreateTags\", \"ec2:CreateVolume\", + \"ec2:DeleteSnapshot\", \"ec2:DeleteTags\", \"ec2:DeleteVolume\", + \"ec2:DescribeInstances\", \"ec2:DescribeSnapshots\", \"ec2:DescribeTags\", + \"ec2:DescribeVolumes\", \"ec2:DescribeVolumesModifications\", + \"ec2:DetachVolume\", \"ec2:ModifyVolume\" ], \"Resource\": + \"*\" } ] }" + type: string + required: + - controlPlaneOperatorARN + - imageRegistryARN + - ingressARN + - kmsProviderARN + - kubeCloudControllerARN + - networkARN + - nodePoolManagementARN + - storageARN + type: object + rosaClusterName: + description: Cluster name must be valid DNS-1035 label, so it must + consist of lower case alphanumeric characters or '-', start with + an alphabetic character, end with an alphanumeric character and + have a max length of 15 characters. + maxLength: 15 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + x-kubernetes-validations: + - message: rosaClusterName is immutable + rule: self == oldSelf + subnets: + description: The Subnet IDs to use when installing the cluster. SubnetIDs + should come in pairs; two per availability zone, one private and + one public. + items: + type: string + type: array + supportRoleARN: + type: string + version: + description: OpenShift semantic version, for example "4.14.5". + type: string + x-kubernetes-validations: + - message: version must be a valid semantic version + rule: self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$') + workerRoleARN: + type: string + required: + - availabilityZones + - installerRoleARN + - oidcID + - region + - rolesRef + - rosaClusterName + - subnets + - supportRoleARN + - version + - workerRoleARN + type: object + status: + properties: + conditions: + description: Conditions specifies the cpnditions for the managed control + plane + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + consoleURL: + description: ConsoleURL is the url for the openshift console. + type: string + externalManagedControlPlane: + default: true + description: ExternalManagedControlPlane indicates to cluster-api + that the control plane is managed by an external service such as + AKS, EKS, GKE, etc. + type: boolean + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the state and will be set to a descriptive + error message. \n This field should not be set for transitive errors + that a controller faces that are expected to be fixed automatically + over time (like service outages), but instead indicate that something + is fundamentally wrong with the spec or the configuration of the + controller, and that manual intervention is required." + type: string + id: + description: ID is the cluster ID given by ROSA. + type: string + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded kubernetes config-map. + type: boolean + oidcEndpointURL: + description: OIDCEndpointURL is the endpoint url for the managed OIDC + porvider. + type: string + ready: + default: false + description: Ready denotes that the ROSAControlPlane API Server is + ready to receive requests. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-aws + cluster.x-k8s.io/v1alpha3: v1alpha3 + cluster.x-k8s.io/v1alpha4: v1alpha4 + cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 + name: rosamachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: ROSAMachinePool + listKind: ROSAMachinePoolList + plural: rosamachinepools + shortNames: + - rosamp + singular: rosamachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Number of replicas + jsonPath: .status.replicas + name: Replicas + type: integer + name: v1beta2 + schema: + openAPIV3Schema: + description: ROSAMachinePool is the Schema for the rosamachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RosaMachinePoolSpec defines the desired state of RosaMachinePool. + properties: + autoRepair: + default: false + description: AutoRepair specifies whether health checks should be + enabled for machines in the NodePool. The default is false. + type: boolean + autoscaling: + description: Autoscaling specifies auto scaling behaviour for this + MachinePool. required if Replicas is not configured + properties: + maxReplicas: + minimum: 1 + type: integer + minReplicas: + minimum: 1 + type: integer + type: object + availabilityZone: + description: AvailabilityZone is an optinal field specifying the availability + zone where instances of this machine pool should run For Multi-AZ + clusters, you can create a machine pool in a Single-AZ of your choice. + type: string + instanceType: + description: InstanceType specifies the AWS instance type + type: string + labels: + additionalProperties: + type: string + description: Labels specifies labels for the Kubernetes node objects + type: object + nodePoolName: + description: NodePoolName specifies the name of the nodepool in Rosa + must be a valid DNS-1035 label, so it must consist of lower case + alphanumeric and have a max length of 15 characters. + maxLength: 15 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + type: string + x-kubernetes-validations: + - message: nodepoolName is immutable + rule: self == oldSelf + providerIDList: + description: ProviderIDList contain a ProviderID for each machine + instance that's currently managed by this machine pool. + items: + type: string + type: array + subnet: + type: string + version: + description: Version specifies the penshift version of the nodes associated + with this machinepool. ROSAControlPlane version is used if not set. + type: string + x-kubernetes-validations: + - message: version must be a valid semantic version + rule: self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$') + required: + - nodePoolName + type: object + status: + description: RosaMachinePoolStatus defines the observed state of RosaMachinePool. + properties: + conditions: + description: Conditions defines current service state of the managed + machine pool + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the state and will be set to a descriptive + error message. \n This field should not be set for transitive errors + that a controller faces that are expected to be fixed automatically + over time (like service outages), but instead indicate that something + is fundamentally wrong with the spec or the configuration of the + controller, and that manual intervention is required." + type: string + id: + description: ID is the ID given by ROSA. + type: string + ready: + default: false + description: Ready denotes that the RosaMachinePool nodepool has joined + the cluster + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + ${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn: arn} + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: controller-manager + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-leader-elect-role + namespace: capa-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - eksconfigs + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - eksconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machinepools + - machines + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes + - awsmanagedcontrolplanes/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes + - rosacontrolplanes/status + verbs: + - get + - list + - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rosacontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclustercontrolleridentities + verbs: + - create + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclustercontrolleridentities + - awsclusterroleidentities + - awsclusterstaticidentities + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusterroleidentities + - awsclusterstaticidentities + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsfargateprofiles + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsfargateprofiles/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools + - awsmachinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + - awsmachines/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinetemplates + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters + - awsmanagedclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools + - awsmanagedmachinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmanagedmachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosaclusters + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosaclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosamachinepools + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosamachinepools/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-leader-elect-rolebinding + namespace: capa-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capa-leader-elect-role +subjects: +- kind: ServiceAccount + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capa-manager-role +subjects: +- kind: ServiceAccount + name: capa-controller-manager + namespace: capa-system +--- +apiVersion: v1 +data: + credentials: ${AWS_B64ENCODED_CREDENTIALS} +kind: Secret +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-manager-bootstrap-credentials + namespace: capa-system +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-metrics-service + namespace: capa-system +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: metrics + selector: + cluster.x-k8s.io/provider: infrastructure-aws + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-webhook-service + namespace: capa-system +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-aws +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + name: capa-controller-manager + namespace: capa-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + template: + metadata: + annotations: + iam.amazonaws.com/role: ${AWS_CONTROLLER_IAM_ROLE:=""} + labels: + cluster.x-k8s.io/provider: infrastructure-aws + control-plane: capa-controller-manager + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: ${K8S_CP_LABEL:=node-role.kubernetes.io/control-plane} + operator: Exists + weight: 10 + - preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + weight: 10 + containers: + - args: + - --leader-elect + - --feature-gates=EKS=${CAPA_EKS:=true},EKSEnableIAM=${CAPA_EKS_IAM:=false},EKSAllowAddRoles=${CAPA_EKS_ADD_ROLES:=false},EKSFargate=${EXP_EKS_FARGATE:=false},MachinePool=${EXP_MACHINE_POOL:=false},EventBridgeInstanceState=${EVENT_BRIDGE_INSTANCE_STATE:=false},AutoControllerIdentityCreator=${AUTO_CONTROLLER_IDENTITY_CREATOR:=true},BootstrapFormatIgnition=${EXP_BOOTSTRAP_FORMAT_IGNITION:=false},ExternalResourceGC=${EXP_EXTERNAL_RESOURCE_GC:=false},AlternativeGCStrategy=${EXP_ALTERNATIVE_GC_STRATEGY:=false},TagUnmanagedNetworkResources=${TAG_UNMANAGED_NETWORK_RESOURCES:=true},ROSA=${EXP_ROSA:=false} + - --v=${CAPA_LOGLEVEL:=0} + - --diagnostics-address=${CAPA_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPA_INSECURE_DIAGNOSTICS:=false} + env: + - name: AWS_SHARED_CREDENTIALS_FILE + value: /home/.aws/credentials + image: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.4.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + periodSeconds: 10 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /home/.aws + name: credentials + securityContext: + fsGroup: 1000 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capa-controller-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capa-webhook-service-cert + - name: credentials + secret: + secretName: capa-manager-bootstrap-credentials +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-serving-cert + namespace: capa-system +spec: + dnsNames: + - capa-webhook-service.capa-system.svc + - capa-webhook-service.capa-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capa-selfsigned-issuer + secretName: capa-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-selfsigned-issuer + namespace: capa-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awscluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustercontrolleridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclusterroleidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterroleidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterstaticidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclusterstaticidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterstaticidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachine + failurePolicy: Fail + name: mutation.awsmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsfargateprofile + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsfargateprofile.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsfargateprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-awsmanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmanagedmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: default.eksconfigs.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfig + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.eksconfigtemplates.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfigtemplate + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta2-awsmanagedcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: default.awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedcontrolplanes + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: capa-system/capa-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-aws + name: capa-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awscluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awscluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustercontrolleridentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclustercontrolleridentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustercontrolleridentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterroleidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclusterroleidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterroleidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclusterstaticidentity + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclusterstaticidentity.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclusterstaticidentities + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinetemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsfargateprofile + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsfargateprofile.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsfargateprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-awsmanagedmachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmanagedmachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedmachinepools + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfig + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.eksconfigs.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfig + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-eksconfigtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.eksconfigtemplates.bootstrap.cluster.x-k8s.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - eksconfigtemplate + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capa-webhook-service + namespace: capa-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta2-awsmanagedcontrolplane + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - awsmanagedcontrolplanes + sideEffects: None